functional testing with form_authenticity_token


I am building a page that has many ajax calls on the page, so when I
moved to rails 2.0, I, of course, noticed that my ajax calls stopped
working. After some research, I came up with the following solution.

I create a <div id="authenticity_token"><%= form_authenticity_token
%></div> at the bottom of my document, so that I could easily grab the
value with javascript and include it in my ajax calls This worked
great, btw.

The problem comes when I am trying to write functional tests for the
these pages. For example, the following code:

def test_view_not_logged_in
  get :view, :id => users(:quentin).id
  assert_response :success

Creates the following error:

ActionView::TemplateError: No :secret given to the
#protect_from_forgery call. Set that or use a session store capable
of generating its own keys (Cookie Session Store).
    On line #39 of account/_signup_form.rhtml

    36: </div>
    37: <a href="javascript:showNewImage()">Try a different image </

    38: <% end -%>
    39: <div id="form_authenticity_token" class="hidden"><%=
form_authenticity_token %></div>

I am using the Cookie Session Store in my development and production
environements. Is there any difference in the test environment? I
could add the :secret when I do testing, but that is pretty

thanks in advance for any help!


Following up on my own post....

I guess that I need to make sure that forgery is turned on:

<% if protect_against_forgery? %>
<div id="authenticity_token"><%= form_authenticity_token %></div>
<% end %>

The test environment turns it off.


Unfortunately I also came into this bug so I created a patch and
submitted it to lighthouse:

It doesn't merge correctly into 2.0.1, only edge.

Tiago Macedo

Greg wrote: