Home/ Questions/Q 5955693
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T18:09:01+00:00

I have a rails3 app that uses protect_from_forgery in my base application controller. I’m

  • 0

I have a rails3 app that uses protect_from_forgery in my base application controller. I’m using ActionDispatch::IntegrationTest and want to ensure that authenticity tokens are present during certain integration tests.

I don’t want every functional test that executes a post to have to pass up an authenticity_token, so my test.rb file specifies:

  config.action_controller.allow_forgery_protection    = false

as the rails docs suggest.

For integration tests, however, I’d love to make sure that my forms are sending up the authenticity token properly. I cannot find any way to do this without changing the setting globally in config/environments/test.rb

If all my forms were generated with form_for I’d be content to trust that rails handles this, but I use ExtJS and have a number of ExtJS Forms that need to specify this manually, so I really should test that the plumbing is all working.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can simply change the value in your integration test setup:

    require 'test_helper'

class MyCrunchyIntegrationTest < ActionController::IntegrationTest
  fixtures :all

  def setup
    ActionController::Base.allow_forgery_protection = true
  end

  def teardown
    ActionController::Base.allow_forgery_protection = false
  end

  test "how awesome my application is" do
    # ...
  end
end
    • 0