From 245941101b1ea00a9b1af613c20b0ee994a43946 Mon Sep 17 00:00:00 2001 From: Sergey Nartimov Date: Fri, 9 Mar 2012 19:33:06 +0300 Subject: configure how unverified request will be handled can be configured using `:with` option in `protect_from_forgery` method or `request_forgery_protection_method` config option possible values: - :reset_session (default) - :exception new applications are generated with: protect_from_forgery :with => :exception --- railties/test/application/configuration_test.rb | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'railties/test/application') diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index c9310aff87..ac5ac2b93e 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -275,19 +275,23 @@ module ApplicationTests require "#{app_path}/config/environment" + token = "cf50faa3fe97702ca1ae" + PostsController.any_instance.stubs(:form_authenticity_token).returns(token) + params = {:authenticity_token => token} + get "/posts/1" assert_match /patch/, last_response.body - patch "/posts/1" + patch "/posts/1", params assert_match /update/, last_response.body - patch "/posts/1" + patch "/posts/1", params assert_equal 200, last_response.status - put "/posts/1" + put "/posts/1", params assert_match /update/, last_response.body - put "/posts/1" + put "/posts/1", params assert_equal 200, last_response.status end @@ -528,6 +532,12 @@ module ApplicationTests end RUBY + app_file 'app/controllers/application_controller.rb', <<-RUBY + class ApplicationController < ActionController::Base + protect_from_forgery :with => :reset_session # as we are testing API here + end + RUBY + app_file 'app/controllers/posts_controller.rb', <<-RUBY class PostsController < ApplicationController def create -- cgit v1.2.3