hello,
I am building a page that has many ajax calls on the page, so when I
moved to rails 2.0, I, of course, noticed that my ajax calls stopped
working. After some research, I came up with the following solution.
I create a <div id="authenticity_token"><%=
form_authenticity_token
%></div> at the bottom of my document, so that I could easily grab the
value with javascript and include it in my ajax calls This worked
great, btw.
The problem comes when I am trying to write functional tests for the
these pages. For example, the following code:
def test_view_not_logged_in
get :view, :id => users(:quentin).id
assert_response :success
end
Creates the following error:
ActionView::TemplateError: No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).
On line #39 of account/_signup_form.rhtml
36: </div>
37: <a href="javascript:showNewImage()">Try a different
image </
a>
38: <% end -%>
39: <div id="form_authenticity_token"
class="hidden"><%form_authenticity_token %></div>
I am using the Cookie Session Store in my development and production
environements. Is there any difference in the test environment? I
could add the :secret when I do testing, but that is pretty
cumbersome.
thanks in advance for any help!
Greg
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
Following up on my own post.... I guess that I need to make sure that forgery is turned on: <% if protect_against_forgery? %> <div id="authenticity_token"><%= form_authenticity_token %></div> <% end %> The test environment turns it off. On Feb 28, 4:21 pm, Greg <glhew...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> hello, > > I am building a page that has many ajax calls on the page, so when I > moved to rails 2.0, I, of course, noticed that my ajax calls stopped > working. After some research, I came up with the following solution. > > I create a <div id="authenticity_token"><%= form_authenticity_token > %></div> at the bottom of my document, so that I could easily grab the > value with javascript and include it in my ajax calls This worked > great, btw. > > The problem comes when I am trying to write functional tests for the > these pages. For example, the following code: > > def test_view_not_logged_in > get :view, :id => users(:quentin).id > assert_response :success > end > > Creates the following error: > > ActionView::TemplateError: No :secret given to the > #protect_from_forgery call. Set that or use a session store capable > of generating its own keys (Cookie Session Store). > On line #39 of account/_signup_form.rhtml > > 36: </div> > 37: <a href="javascript:showNewImage()">Try a different image </ > a> > 38: <% end -%> > 39: <div id="form_authenticity_token" class="hidden"><%> form_authenticity_token %></div> > > I am using the Cookie Session Store in my development and production > environements. Is there any difference in the test environment? I > could add the :secret when I do testing, but that is pretty > cumbersome. > > thanks in advance for any help! > > Greg--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Hi, Unfortunately I also came into this bug so I created a patch and submitted it to lighthouse: http://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets/242-patch-fixing-form_authenticity_token-in-the-test-environment It doesn''t merge correctly into 2.0.1, only edge. Tiago Macedo Greg wrote:> Following up on my own post.... > > I guess that I need to make sure that forgery is turned on: > > <% if protect_against_forgery? %> > <div id="authenticity_token"><%= form_authenticity_token %></div> > <% end %> > > The test environment turns it off. > > > On Feb 28, 4:21 pm, Greg <glhew...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > >> hello, >> >> I am building a page that has many ajax calls on the page, so when I >> moved to rails 2.0, I, of course, noticed that my ajax calls stopped >> working. After some research, I came up with the following solution. >> >> I create a <div id="authenticity_token"><%= form_authenticity_token >> %></div> at the bottom of my document, so that I could easily grab the >> value with javascript and include it in my ajax calls This worked >> great, btw. >> >> The problem comes when I am trying to write functional tests for the >> these pages. For example, the following code: >> >> def test_view_not_logged_in >> get :view, :id => users(:quentin).id >> assert_response :success >> end >> >> Creates the following error: >> >> ActionView::TemplateError: No :secret given to the >> #protect_from_forgery call. Set that or use a session store capable >> of generating its own keys (Cookie Session Store). >> On line #39 of account/_signup_form.rhtml >> >> 36: </div> >> 37: <a href="javascript:showNewImage()">Try a different image </ >> a> >> 38: <% end -%> >> 39: <div id="form_authenticity_token" class="hidden"><%>> form_authenticity_token %></div> >> >> I am using the Cookie Session Store in my development and production >> environements. Is there any difference in the test environment? I >> could add the :secret when I do testing, but that is pretty >> cumbersome. >> >> thanks in advance for any help! >> >> Greg >> > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---