functional testing with form_authenticity_token


I am building a page that has many ajax calls on the page, so when I moved to rails 2.0, I, of course, noticed that my ajax calls stopped working. After some research, I came up with the following solution.

I create a <div id="authenticity_token"><%= form_authenticity_token %></div> at the bottom of my document, so that I could easily grab the value with javascript and include it in my ajax calls This worked great, btw.

The problem comes when I am trying to write functional tests for the these pages. For example, the following code:

def test_view_not_logged_in   get :view, :id => users(:quentin).id   assert_response :success end

Creates the following error:

ActionView::TemplateError: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).     On line #39 of account/_signup_form.rhtml

    36: </div>     37: <a href="javascript:showNewImage()">Try a different image </

    38: <% end -%>     39: <div id="form_authenticity_token" class="hidden"><%= form_authenticity_token %></div>

I am using the Cookie Session Store in my development and production environements. Is there any difference in the test environment? I could add the :secret when I do testing, but that is pretty cumbersome.

thanks in advance for any help!


Following up on my own post....

I guess that I need to make sure that forgery is turned on:

<% if protect_against_forgery? %> <div id="authenticity_token"><%= form_authenticity_token %></div> <% end %>

The test environment turns it off.


Unfortunately I also came into this bug so I created a patch and submitted it to lighthouse:

It doesn't merge correctly into 2.0.1, only edge.

Tiago Macedo

Greg wrote: