I recently added a before_action before protect_from_forgery
before_action :set_locale protect_from_forgery with: :exception
This causes an exception when a user tries to log in with devise.
the fix is simple (protect from forgery before doing other actions)
before_action :set_locale protect_from_forgery with: :exception, prepend: true
however - what concerns me is that the bug triggered an exception in production which was not caught in test.
steps to trigger the bug are
create an account
In the test, I don’t get the exception.
can anyone explain why?