Ruby-on-rails 测试在呈现 JS 视图时引发 InvalidCrossOriginRequest
[英]Ruby-on-rails test raising InvalidCrossOriginRequest when rendering a JS view
问题描述
I am testing a controller which has actions rendering views in format .js.erb .
我正在测试一个控制器,它具有以 .js.erb 格式呈现视图的动作。 The tests on these actions raise the following error :对这些操作的测试会引发以下错误:
Minitest::UnexpectedError: ActionController::InvalidCrossOriginRequest: Security warning: an embedded tag on another site requested protected JavaScript.
The forgery protection causes this error, as when I put an exception on these actions its ok, but I dont want to disable it.伪造保护导致此错误,因为当我对这些操作设置异常时,它可以,但我不想禁用它。
Here is my controller :这是我的控制器:
class TasksController < ApplicationController
def new
# TODO add blah later
@task = Task.new
render 'tasks/show_form.js.erb'
end
def create
# FIXME there is bug here
@task = Task.new(task_params)
@task.user = current_user
authorize! :create, @task
save_task
end
def edit
@task = Task.find(params[:id])
authorize! :edit, @task
render 'tasks/show_form.js.erb'
end
def update
@task = Task.find(params[:id])
@task.assign_attributes(task_params)
authorize! :update, @task
save_task
end
def destroy
@task = Task.find(params[:id])
authorize! :destroy, @task
@task.destroy
@tasks = Task.accessible_by(current_ability)
end
private
def save_task
if @task.save
@tasks = Task.accessible_by(current_ability)
render 'tasks/hide_form.js.erb'
else
render 'tasks/show_form.js.erb'
end
end
def task_params
params.require(:task).permit(:title, :note, :completed)
end
end
Here is my test for this controller :这是我对这个控制器的测试:
require 'test_helper'
class TasksControllerTest < ActionDispatch::IntegrationTest
#include Devise::Test::ControllerHelpers
def setup
@task = tasks(:one)
@password = "password"
@confirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "2020-02-01 11:35:56")
@unconfirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "")
sign_in(user: @confirmed_user, password: @password)
end
test "should get new" do
get new_task_url
assert_response :success
end
test "should create task" do
assert_difference('Task.count') do
post tasks_url, params: {task: {title: 'Dont fail test !'}}
end
assert_redirected_to task_url(Task.last)
end
test "should get edit" do
get edit_task_url(@task)
assert_response :success
end
test "should update task" do
patch task_url(@task), params: {task: {title: 'updated'}}
assert_redirected_to task_url(@task)
article.reload
assert_equal "updated", article.title
end
test "should destroy task" do
assert_difference('Task.count', -1) do
delete task_url(@task)
end
assert_redirected_to tasks_url
end
end
Do any of you has an idea on how to correct this error ?你们中有人知道如何纠正这个错误吗?
Thank you in advance先感谢您
2 个解决方案
解决方案1
6 2016-09-20 15:44:36
You might try changing your get request to use the same mechanism that the browser would for an AJAX request, a XMLHttpRequest.您可以尝试更改 get 请求以使用浏览器对 AJAX 请求的相同机制,即 XMLHttpRequest。 You can do this in rails testing with xhr您可以使用xhr在 rails 测试中执行此操作
In your case:在你的情况下:
xhr :get, new_task_url
This means you aren't bypassing rails defaults just to get your test to pass.这意味着您不是为了让测试通过而绕过 rails 默认值。
解决方案2
-3 已采纳 2016-09-20 15:38:42
The solution was to put at the beginning of my controller解决方案是放在我的控制器的开头
skip_before_action :verify_authenticity_token, :only => [:edit, :new]
Hope this can help someone希望这可以帮助某人
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.