Enable CSRF protection in Javascript tests

Henning Koch
October 08, 2013
Software engineer at makandra GmbH

You might not know that Rails disables CSRF protection in tests. This means that if you accidentally forget to send the CSRF token for non-GET requests, your tests will be green even though your application is completely broken (a failed CSRF check usually logs out the user). Rails probably does this because CSRF protection more or less requires JavaScript.

You want to enable CSRF protection in Cucumber scenarios that can speak Javascript. To do so, copy the attached file to features/support. For this to work you also need the following things:

  1. RSpec stubs and mocks in Cucumber
  2. rspec_candy
  3. Cucumber: Detect if the current Capybara driver supports Javascript
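
One way to switch CSRF protection back on for JavaScript-capable scenarios, as an added example (this is not the attached file and not makandra's code). It assumes scenarios are tagged `@javascript` instead of detecting the driver's capabilities, and it toggles the Rails setting `ActionController::Base.allow_forgery_protection` rather than using RSpec stubs; the module name `CsrfInTests` and the file name are hypothetical.

```ruby
# features/support/csrf_protection.rb (hypothetical file name, added example)

module CsrfInTests
  # Enables forgery protection on the given controller class for the
  # duration of the block, then restores whatever was configured before
  # (Rails' test environment sets it to false), even if the block raises.
  # Restoring matters: non-JavaScript scenarios cannot send the token and
  # would otherwise fail after the first JavaScript scenario has run.
  def self.with_forgery_protection(controller_class)
    previous = controller_class.allow_forgery_protection
    controller_class.allow_forgery_protection = true
    begin
      yield
    ensure
      controller_class.allow_forgery_protection = previous
    end
  end
end

# Register the hook only when Cucumber and Rails are actually loaded, so the
# file can also be required from plain Ruby.
if defined?(Cucumber) && defined?(ActionController::Base)
  # Assumption: JavaScript-capable scenarios carry the @javascript tag.
  Around('@javascript') do |_scenario, block|
    CsrfInTests.with_forgery_protection(ActionController::Base) { block.call }
  end
end
```

With this in place, a non-GET request from a `@javascript` scenario that omits the token fails the CSRF check in the test run instead of passing silently.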
Posted by Henning Koch to makandra dev (2013-10-08 14:58)