Browse files

Fix protect_against_forgery

  • Loading branch information...
1 parent 562154f commit 7f53dca1a13e21ec4400a765f637b73c0f194979 Carlhuda committed Mar 19, 2010
Showing with 30 additions and 1 deletion.
  1. +3 −1 actionpack/lib/action_controller/railtie.rb
  2. +27 −0 railties/test/application/configuration_test.rb
View
4 actionpack/lib/action_controller/railtie.rb
@@ -52,7 +52,9 @@ class Railtie < Rails::Railtie
ac.stylesheets_dir = paths.public.stylesheets.to_a.first
ac.secret = app.config.cookie_secret
- ActionController.base_hook { self.config.replace(ac) }
+ ActionController.base_hook do
+ self.config.merge!(ac)
+ end
end
initializer "action_controller.initialize_framework_caches" do
View
27 railties/test/application/configuration_test.rb
@@ -228,5 +228,32 @@ def index
get "/"
assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"]
end
+
+ test "protect from forgery is the default in a new app" do
+ require "rails"
+ require "action_controller/railtie"
+
+ class MyApp < Rails::Application
+ config.session_store :disabled
+
+ routes.draw do
+ match "/" => "omg#index"
+ end
+
+ class ::OmgController < ActionController::Base
+ protect_from_forgery
+
+ def index
+ render :inline => "<%= csrf_meta_tag %>"
+ end
+ end
+ end
+
+ require 'rack/test'
+ extend Rack::Test::Methods
+
+ get "/"
+ assert last_response.body =~ /csrf\-param/
+ end
end
end

0 comments on commit 7f53dca

Please sign in to comment.