We’ve got a test case, something like

    def test_some_feature
      admin = create(:admin)
      provider = create(:provider)
      sign_in admin

      stub_the_feature(provider.id) do
        get :index, params: { provider_id: provider.id }, format: :js
      end

      assert_response :ok
      assert_template "index"
    end

This GET request works just fine when we try it on staging, I mean we still get the response expected but this test fails with:

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding....

I didn’t really get how this is considered cross origin request or why though as I don’t know much about that subject.

Is there any way to resolve this issue without doing something like (I am not even sure whether this would resolve the problem as only the test fails and on staging everything is just fine)

protect_from_forgery except: :index

Also I couldn’t find any documentation regarding the format option passed to get. Where could I find more info about that?

Cheers!