Sha256: 3744c27a042ddd33e34a0a148c5a9032d95aa5416ec20a4ef429a8a1dece3182
Contents?: true
Size: 1.19 KB
Versions: 30
Compression:
Stored size: 1.19 KB
Contents
require 'rails_helper'
module MnoEnterprise
describe ApplicationController, type: :controller do
# Enable CSRF protection for this test
before { ActionController::Base.allow_forgery_protection = true }
# Anonymous controller
controller do
include MnoEnterprise::Concerns::Controllers::AngularCSRF
protect_from_forgery with: :exception
def index
render text: 'Hello World'
end
end
describe 'Angular CSRF' do
it 'provides the CSRF token to Angular in a cookie' do
get :index
expect(response.cookies['XSRF-TOKEN']).to be_instance_of(String)
end
it 'accepts the CSRF token to be provide via the headers' do
get :index
request.headers['X-XSRF-TOKEN'] = response.cookies['XSRF-TOKEN']
post :index
expect(response.status).to eq(200)
end
it 'cleans up the cookie on InvalidAuthenticityRequest' do
post :index
expect(response.status).to eq(422)
expect(response.cookies['XSRF-TOKEN']).to be_instance_of(String)
end
end
# Disable CSRF protection for all other tests
after { ActionController::Base.allow_forgery_protection = false }
end
end
Version data entries
30 entries across 30 versions & 1 rubygems