Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

In AV::TC, move protect_against_forgery? from the test_case to the

_helper module included in the view.

- ensures that protect_against_forgery? is present when a helper
  included in a partial that is rendered by the template under test
  calls it (which happens in FormTagHelper#extra_tags_for_form, for
  example).

[#4700 state:resolved]

Signed-off-by: José Valim <jose.valim@gmail.com>
  • Loading branch information...
commit e02db06ece7aeecec7c37f5b0e3de7d65c8684e6 1 parent 9ae7e93
@dchelimsky dchelimsky authored josevalim committed
View
13 actionpack/lib/action_view/test_case.rb
@@ -89,16 +89,13 @@ def setup_with_controller
self.class.send(:include_helper_modules!)
make_test_case_available_to_view!
+ say_no_to_protect_against_forgery!
end
def config
@controller.config if @controller.respond_to?(:config)
end
- def protect_against_forgery?
- false
- end
-
def render(options = {}, local_assigns = {}, &block)
@rendered << output = _view.render(options, local_assigns, &block)
output
@@ -117,6 +114,14 @@ def response_from_page_or_rjs
HTML::Document.new(@rendered.blank? ? @output_buffer : @rendered).root
end
+ def say_no_to_protect_against_forgery!
+ _helpers.module_eval do
+ def protect_against_forgery?
+ false
+ end
+ end
+ end
+
def make_test_case_available_to_view!
test_case_instance = self
_helpers.module_eval do
View
15 actionpack/test/template/test_case_test.rb
@@ -122,6 +122,21 @@ def from_test_case; 'Word!'; end
helper_method :from_test_case
end
+ class IgnoreProtectAgainstForgeryTest < ActionView::TestCase
+ module HelperThatInvokesProtectAgainstForgery
+ def help_me
+ protect_against_forgery?
+ end
+ end
+
+ helper HelperThatInvokesProtectAgainstForgery
+
+ test "protect_from_forgery? in any helpers returns false" do
+ assert !_view.help_me
+ end
+
+ end
+
class ATestHelperTest < ActionView::TestCase
include SharedTests
test_case = self
Please sign in to comment.
Something went wrong with that request. Please try again.