From 245941101b1ea00a9b1af613c20b0ee994a43946 Mon Sep 17 00:00:00 2001
From: Sergey Nartimov <just.lest@gmail.com>
Date: Fri, 9 Mar 2012 19:33:06 +0300
Subject: configure how unverified request will be handled
can be configured using `:with` option in `protect_from_forgery` method
or `request_forgery_protection_method` config option
possible values:
- :reset_session (default)
- :exception
new applications are generated with:
protect_from_forgery :with => :exception
---
railties/test/application/configuration_test.rb | 18 ++++++++++++++----
1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'railties/test')
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index c9310aff87..ac5ac2b93e 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -275,19 +275,23 @@ module ApplicationTests
require "#{app_path}/config/environment"
+ token = "cf50faa3fe97702ca1ae"
+ PostsController.any_instance.stubs(:form_authenticity_token).returns(token)
+ params = {:authenticity_token => token}
+
get "/posts/1"
assert_match /patch/, last_response.body
- patch "/posts/1"
+ patch "/posts/1", params
assert_match /update/, last_response.body
- patch "/posts/1"
+ patch "/posts/1", params
assert_equal 200, last_response.status
- put "/posts/1"
+ put "/posts/1", params
assert_match /update/, last_response.body
- put "/posts/1"
+ put "/posts/1", params
assert_equal 200, last_response.status
end
@@ -528,6 +532,12 @@ module ApplicationTests
end
RUBY
+ app_file 'app/controllers/application_controller.rb', <<-RUBY
+ class ApplicationController < ActionController::Base
+ protect_from_forgery :with => :reset_session # as we are testing API here
+ end
+ RUBY
+
app_file 'app/controllers/posts_controller.rb', <<-RUBY
class PostsController < ApplicationController
def create
--
cgit v1.2.3