Sha256: 75c77a0e7d5e1e9e5d9400fc7818972500b8764990e6a38186d46045606ba4c2

Contents?: true

Size: 1012 Bytes

Versions: 4

Compression:

Stored size: 1012 Bytes

Contents

require 'test_helper'

# Functional tests for the CSRF cookie/header handshake on ApplicationController.
#
# The cookie and header names follow the convention used by AngularJS's $http
# service: the server publishes its authenticity token in an XSRF-TOKEN cookie
# and the client echoes it back in an X-XSRF-TOKEN request header.
#
# NOTE(review): the rejection tests expect ActionController::InvalidAuthenticityToken
# to be raised. That presumably depends on the test app's forgery-protection
# strategy being the raising one; confirm against the dummy application.
class AngularRailsCsrfTest < ActionController::TestCase
  tests ApplicationController

  setup do
    # Forgery protection is switched on explicitly so that every test below
    # exercises the real token check.
    @controller.allow_forgery_protection = true
    # Invoked through send; presumably the method is not public on the controller.
    @correct_token = @controller.send(:form_authenticity_token)
  end

  # Safe (GET) requests publish the token but are not themselves verified.
  test "a get sets the XSRF-TOKEN cookie but does not require the X-XSRF-TOKEN header" do
    get :index
    assert_equal @correct_token, cookies['XSRF-TOKEN']
    assert_response :success
  end

  # No header at all: the state-changing request must be refused.
  test "a post raises an error without the X-XSRF-TOKEN header set" do
    assert_create_rejected
  end

  # A header that does not match the expected token must be refused as well.
  test "a post raises an error with the X-XSRF-TOKEN header set to the wrong value" do
    send_xsrf_header('garbage')
    assert_create_rejected
  end

  # The matching token in the header is sufficient for the POST to go through.
  test "a post is accepted if X-XSRF-TOKEN is set properly" do
    send_xsrf_header(@correct_token)
    post :create
    assert_response :success
  end

  private

  # Sets the X-XSRF-TOKEN header on the pending test request.
  def send_xsrf_header(value)
    @request.headers['X-XSRF-TOKEN'] = value
  end

  # Asserts that POSTing to :create fails the authenticity check.
  def assert_create_rejected
    assert_raises(ActionController::InvalidAuthenticityToken) { post :create }
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
angular_rails_csrf-1.0.4 test/angular_rails_csrf_test.rb
angular_rails_csrf-1.0.3 test/angular_rails_csrf_test.rb
angular_rails_csrf-1.0.2 test/angular_rails_csrf_test.rb
angular_rails_csrf-1.0.1 test/angular_rails_csrf_test.rb