From 7f53dca1a13e21ec4400a765f637b73c0f194979 Mon Sep 17 00:00:00 2001
From: Carlhuda <carlhuda@engineyard.com>
Date: Fri, 19 Mar 2010 11:09:41 -0700
Subject: Fix protect_against_forgery

---
 railties/test/application/configuration_test.rb | 27 +++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'railties/test/application/configuration_test.rb')

diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 54cd751f4e..1b6c657d6d 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -228,5 +228,32 @@ module ApplicationTests
       get "/"
       assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"]
     end
+
+    test "protect from forgery is the default in a new app" do
+      require "rails"
+      require "action_controller/railtie"
+
+      class MyApp < Rails::Application
+        config.session_store :disabled
+
+        routes.draw do
+          match "/" => "omg#index"
+        end
+
+        class ::OmgController < ActionController::Base
+          protect_from_forgery
+
+          def index
+            render :inline => "<%= csrf_meta_tag %>"
+          end
+        end
+      end
+
+      require 'rack/test'
+      extend Rack::Test::Methods
+
+      get "/"
+      assert last_response.body =~ /csrf\-param/
+    end
   end
 end
-- 
cgit v1.2.3