[英]Ruby-on-rails test raising InvalidCrossOriginRequest when rendering a JS view
I am testing a controller which has actions rendering views in format .js.erb .我正在测试一个控制器,它具有以 .js.erb 格式呈现视图的动作。 The tests on these actions raise the following error :对这些操作的测试会引发以下错误:
Minitest::UnexpectedError: ActionController::InvalidCrossOriginRequest: Security warning: an embedded tag on another site requested protected JavaScript. Minitest::UnexpectedError: ActionController::InvalidCrossOriginRequest: 安全警告:另一个站点上的嵌入标记请求受保护的 JavaScript。 If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.如果您知道自己在做什么,请继续并禁用此操作的伪造保护以允许跨源 JavaScript 嵌入。
The forgery protection causes this error, as when I put an exception on these actions its ok, but I dont want to disable it.伪造保护导致此错误,因为当我对这些操作设置异常时,它可以,但我不想禁用它。
Here is my controller :这是我的控制器:
class TasksController < ApplicationController
def new
# TODO add blah later
@task = Task.new
render 'tasks/show_form.js.erb'
end
def create
# FIXME there is bug here
@task = Task.new(task_params)
@task.user = current_user
authorize! :create, @task
save_task
end
def edit
@task = Task.find(params[:id])
authorize! :edit, @task
render 'tasks/show_form.js.erb'
end
def update
@task = Task.find(params[:id])
@task.assign_attributes(task_params)
authorize! :update, @task
save_task
end
def destroy
@task = Task.find(params[:id])
authorize! :destroy, @task
@task.destroy
@tasks = Task.accessible_by(current_ability)
end
private
def save_task
if @task.save
@tasks = Task.accessible_by(current_ability)
render 'tasks/hide_form.js.erb'
else
render 'tasks/show_form.js.erb'
end
end
def task_params
params.require(:task).permit(:title, :note, :completed)
end
end
Here is my test for this controller :这是我对这个控制器的测试:
require 'test_helper'
class TasksControllerTest < ActionDispatch::IntegrationTest
#include Devise::Test::ControllerHelpers
def setup
@task = tasks(:one)
@password = "password"
@confirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "2020-02-01 11:35:56")
@unconfirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "")
sign_in(user: @confirmed_user, password: @password)
end
test "should get new" do
get new_task_url
assert_response :success
end
test "should create task" do
assert_difference('Task.count') do
post tasks_url, params: {task: {title: 'Dont fail test !'}}
end
assert_redirected_to task_url(Task.last)
end
test "should get edit" do
get edit_task_url(@task)
assert_response :success
end
test "should update task" do
patch task_url(@task), params: {task: {title: 'updated'}}
assert_redirected_to task_url(@task)
article.reload
assert_equal "updated", article.title
end
test "should destroy task" do
assert_difference('Task.count', -1) do
delete task_url(@task)
end
assert_redirected_to tasks_url
end
end
Do any of you has an idea on how to correct this error ?你们中有人知道如何纠正这个错误吗?
Thank you in advance先感谢您
You might try changing your get request to use the same mechanism that the browser would for an AJAX request, a XMLHttpRequest.您可以尝试更改 get 请求以使用浏览器对 AJAX 请求的相同机制,即 XMLHttpRequest。 You can do this in rails testing with xhr您可以使用xhr在 rails 测试中执行此操作
In your case:在你的情况下:
xhr :get, new_task_url
This means you aren't bypassing rails defaults just to get your test to pass.这意味着您不是为了让测试通过而绕过 rails 默认值。
The solution was to put at the beginning of my controller解决方案是放在我的控制器的开头
skip_before_action :verify_authenticity_token, :only => [:edit, :new]
Hope this can help someone希望这可以帮助某人
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.