format: :js causes fails on Rails 4.1.0.rc1 #950

Closed
rafamanzo opened this issue Mar 9, 2014 · 6 comments

@rafamanzo

Controller specs for JS actions (format: :js) are failing with Rails 4.1.0.rc1 producing the following error:

ActionController::InvalidCrossOriginRequest:
       Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.

I'm just guessing, but this could be a new Rails feature that is affecting RSpec, which probably generates those requests from a different domain than expected by the application.

You can reproduce this by cloning https://github.com/mezuro/mezuro, on the branch rails4.1, after bundle install, run: rspec spec/controllers/repositories_controller_spec.rb.

From observing this application I can as well say this affects GET requests while POST requests are still working fine.

Running the application on the browser raises no errors or warnings as well as cucumber tests. And the tests with Rails 4.0.3 are OK. Also, I've tested this against rspec-rails 2.14.1 and 3.0.0.beta with the same results.

Thanks a lot!

@JonRowe
Member

JonRowe commented Mar 12, 2014

Cause: rails/rails#13345

@JonRowe
Member

JonRowe commented Mar 12, 2014

Based off the PR it would seem you need to do xhr :get rather than get, or manually pass the verification token. We don't directly implement the get function, it's a part of the Rails test helpers so you should use their preferred method (xhr :get).

Closing because this would fail on MiniTest too...

/cc @myronmarston @alindeman

@JonRowe JonRowe closed this as completed Mar 12, 2014
@rafamanzo
Author

Thanks @JonRowe, with xhr :get it worked as expected. Sorry for the inconvenience.

@JonRowe
Member

JonRowe commented Mar 12, 2014

No worries, I had to research this to figure out what was going on! :)

arthurnn added a commit to arthurnn/24pullrequests that referenced this issue May 23, 2014
@amritdeep

This is helpful
http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#csrf-protection-from-remote-script-tags

arthurnn added a commit to 24pullrequests/24pullrequests that referenced this issue Dec 13, 2014
@maguri

maguri commented Feb 4, 2019

Last update, now you can use:

get :action, xhr: true, format: :js
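
Added example, not part of the thread and not Rails or rspec-rails code: a simplified plain-Ruby model of the rule discussed above, showing why a plain GET answered with JavaScript is rejected while an XHR GET, a POST and an HTML GET pass this check. The names `Exchange`, `verify_same_origin!` and `outcome` are hypothetical, and recognising an XHR by the `X-Requested-With` header is an assumption of this model.

```ruby
# Simplified model (an assumption, not Rails source) of the rule behind
# ActionController::InvalidCrossOriginRequest: a GET that is answered with
# JavaScript must have been sent as an XMLHttpRequest.
class InvalidCrossOriginRequest < StandardError; end

# Hypothetical stand-in for one request/response pair in a controller spec.
Exchange = Struct.new(:verb, :headers, :response_content_type) do
  # Assumption: an XHR is recognised by the X-Requested-With header.
  def xhr?
    headers.fetch("X-Requested-With", "").casecmp?("XMLHttpRequest")
  end

  def get?
    verb == :get
  end

  def javascript_response?
    response_content_type.to_s.start_with?("text/javascript")
  end
end

# A <script src="..."> tag on another site issues a plain GET and cannot add
# custom headers, so "GET + JavaScript body + no XHR header" is refused.
# POST is not covered by this rule (it is the authenticity token's job).
def verify_same_origin!(exchange)
  if exchange.get? && exchange.javascript_response? && !exchange.xhr?
    raise InvalidCrossOriginRequest, "non-XHR GET received a JavaScript response"
  end
  :ok
end

# Returns :ok when the exchange passes the check, :blocked when it raises.
def outcome(exchange)
  verify_same_origin!(exchange)
rescue InvalidCrossOriginRequest
  :blocked
end

# Constructed sample exchanges mirroring the spec calls from the thread.
JS = "text/javascript; charset=utf-8"
XHR = { "X-Requested-With" => "XMLHttpRequest" }.freeze
PLAIN_GET  = Exchange.new(:get,  {},  JS)   # get :action, format: :js
XHR_GET    = Exchange.new(:get,  XHR, JS)   # get :action, xhr: true, format: :js
PLAIN_POST = Exchange.new(:post, {},  JS)   # post :action, format: :js
HTML_GET   = Exchange.new(:get,  {},  "text/html; charset=utf-8") # get :action

if __FILE__ == $PROGRAM_NAME
  { plain_get: PLAIN_GET, xhr_get: XHR_GET, plain_post: PLAIN_POST, html_get: HTML_GET }
    .each { |name, ex| puts "#{name}: #{outcome(ex)}" }
end
```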
