From 7f53dca1a13e21ec4400a765f637b73c0f194979 Mon Sep 17 00:00:00 2001
From: Carlhuda
Date: Fri, 19 Mar 2010 11:09:41 -0700
Subject: Fix protect_against_forgery
---
railties/test/application/configuration_test.rb | 27 +++++++++++++++++++++++++
1 file changed, 27 insertions(+)
(limited to 'railties/test/application')
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 54cd751f4e..1b6c657d6d 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -228,5 +228,32 @@ module ApplicationTests
 get "/"
 assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"]
 end
+
+ test "protect from forgery is the default in a new app" do
+ require "rails"
+ require "action_controller/railtie"
+
+ class MyApp < Rails::Application
+ config.session_store :disabled
+
+ routes.draw do
+ match "/" => "omg#index"
+ end
+
+ class ::OmgController < ActionController::Base
+ protect_from_forgery
+
+ def index
+ render :inline => "<%= csrf_meta_tag %>"
+ end
+ end
+ end
+
+ require 'rack/test'
+ extend Rack::Test::Methods
+
+ get "/"
+ assert last_response.body =~ /csrf\-param/
+ end
 end
 end
-- cgit v1.2.3
From 87db863fa212abd45be008c40ba1fb7ea26b6b60 Mon Sep 17 00:00:00 2001
From: Joshua Peek
Date: Sat, 20 Mar 2010 15:14:59 -0500
Subject: Remove invalid builtin tests since we aren't adding that dir to the load path anymore
---
railties/test/application/paths_test.rb | 18 ------------------
1 file changed, 18 deletions(-)
(limited to 'railties/test/application')
diff --git a/railties/test/application/paths_test.rb b/railties/test/application/paths_test.rb
index 511b8b629a..589e515d05 100644
--- a/railties/test/application/paths_test.rb
+++ b/railties/test/application/paths_test.rb
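Review bot: The only assertion in the new test in configuration_test.rb, `assert last_response.body =~ /csrf\-param/`, shows that `csrf_meta_tag` renders a tag; it does not show that a request without a valid token is refused. `OmgController` also calls `protect_from_forgery` itself, so the "default in a new app" in the test name appears to cover only the application-level setting. A follow-up case that sends a non-GET request without a token and asserts that it is rejected would pin the enforcement path, though with `config.session_store :disabled` that may need a different session setup, which is worth confirming. For the existing check, `assert_match(/csrf-param/, last_response.body)` reports the body on failure and drops the unneeded escape. The enclosing module and test class start outside this hunk.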
@@ -51,8 +51,6 @@ module ApplicationTests
 assert_path @paths.config.environment, "config", "environments", "development.rb"
 assert_equal root("app", "controllers"), @paths.app.controllers.to_a.first
- assert_equal Pathname.new(File.dirname(__FILE__)).join("..", "..", "builtin", "rails_info").expand_path,
- Pathname.new(@paths.app.controllers.to_a[1]).expand_path
 end
 test "booting up Rails yields a list of paths that are eager" do
@@ -80,21 +78,5 @@ module ApplicationTests
 assert_not_in_load_path "tmp"
 assert_not_in_load_path "tmp", "cache"
 end
-
- test "controller paths include builtin in development mode" do
- Rails.env.replace "development"
- assert Rails::Application::Configuration.new("/").paths.app.controllers.paths.any? { |p| p =~ /builtin/ }
- end
-
- test "controller paths does not have builtin_directories in test mode" do
- Rails.env.replace "test"
- assert !Rails::Application::Configuration.new("/").paths.app.controllers.paths.any? { |p| p =~ /builtin/ }
- end
-
- test "controller paths does not have builtin_directories in production mode" do
- Rails.env.replace "production"
- assert !Rails::Application::Configuration.new("/").paths.app.controllers.paths.any? { |p| p =~ /builtin/ }
- end
-
 end
 end
-- cgit v1.2.3