angular_rails_csrf 4.0.1 → 4.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9550b1153d6fc3681ca5ab87e090a89e5e9749ed1970e615cc9de966d40443d
-  data.tar.gz: 1fdee9f015377a53a7b214fb6ceea26bf5662775c683a8adcc09c73b477bd9b1
+  metadata.gz: 9e43d5d53174346803640b31332eb2b531bfbcf348551eadbd2d799ab302c89f
+  data.tar.gz: 125aedeb7028a2a4052d2fe82430d603b86a344b2fec566eed77d1ed66828370
 SHA512:
-  metadata.gz: 1fff34c1250992f66d5c6f7fd77aa46f1747aa6b8436e05590c92df76deeb7996fe1d3f172b1dc13608be7849d8d2454d0631d8e57b20f5babca9f3cbea0787c
-  data.tar.gz: 6514ee06c8126a9f095df879a0240d790d33d421925c3c0718fce7161cd6e00690ddf82d8fced4e3b32a9fd7d76d0f35659a2a0b6db6c4258253f1bf7c1a47de
+  metadata.gz: 91f040a88da0b98f23c1a1d322c2a4d54c9bb4b2446f7305dcb035c25e931d59388489efd70216c5deb26a3e4bdf178c8beead059980b68923ece2f3a7c10907
+  data.tar.gz: bb1ebd352de7af530639a662d90714ee96cd0f417edacb722db987db3950719e9e2000fb2d27c44f037d9106502b217cb1dae28b4222becf476bb5546d03bcee

data/README.md

@@ -10,7 +10,7 @@ This project adds direct support for this scheme to your Rails application witho
 
 Note that there is nothing AngularJS specific here, and this will work with any other front-end that implements the same scheme.
 
-Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatability) to learn which Rails/Rubies are currently supported.
+Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility) to learn which Rails/Rubies are currently supported.
 
 ## Installation
 
@@ -52,6 +52,36 @@ end
 
 If `angular_rails_csrf_domain` is not set, it defaults to `nil`.
 
+### Secure Cookie
+
+To set a "secure" flag for the cookie, set the `angular_rails_csrf_secure` option to `true`:
+
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_secure = true
+end
+```
+
+`angular_rails_csrf_secure` defaults to `false`.
+
+### SameSite
+
+The SameSite attribute defaults to `:lax`. You can override this in the config:
+
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_same_site = :strict
+end
+```
+
+**NOTE**: When using `config.angular_rails_csrf_same_site = :none`, this gem automatically sets the cookie to `Secure` (`config.angular_rails_csrf_secure = true`) to comply with [the specifications](https://tools.ietf.org/html/draft-west-cookie-incrementalism-00).
+
+Please note that [Safari is known to have issues](https://bugs.webkit.org/show_bug.cgi?id=198181) with SameSite attribute set to `:none`.
+
 ### Exclusions
 
 Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)):
@@ -59,7 +89,7 @@ Sometimes you will want to skip setting the XSRF token for certain controllers (
 ```ruby
 class ExclusionsController < ApplicationController
   exclude_xsrf_token_cookie
-  
+
   # your actions here...
 end
 ```
@@ -78,6 +108,6 @@ and then
 $ rake test
 ```
 
-## License 
+## License
 
 Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).

data/Rakefile

@@ -21,8 +21,7 @@ Bundler::GemHelper.install_tasks
 require 'rake/testtask'
 
 Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
+  t.libs = %w[lib test]
   t.pattern = 'test/**/*_test.rb'
   t.verbose = false
 end

data/lib/angular_rails_csrf/concern.rb

@@ -12,17 +12,41 @@ module AngularRailsCsrf
       return unless protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
 
       config = Rails.application.config
-      domain = config.respond_to?(:angular_rails_csrf_domain) ? config.angular_rails_csrf_domain : nil
-      cookie_name = config.respond_to?(:angular_rails_csrf_cookie_name) ? config.angular_rails_csrf_cookie_name : 'XSRF-TOKEN'
-      cookies[cookie_name] = {value: form_authenticity_token, domain: domain}
+
+      same_site = same_site_from config
+      secure = secure_from config
+
+      cookie_options = {
+        value: form_authenticity_token,
+        domain: domain_from(config),
+        same_site: same_site,
+        secure: same_site.eql?(:none) || secure
+      }
+
+      cookie_name = cookie_name_from config
+      cookies[cookie_name] = cookie_options
     end
 
     def verified_request?
-      if respond_to?(:valid_authenticity_token?, true)
-        super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
-      else
-        super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
-      end
+      super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
+    end
+
+    private
+
+    def same_site_from(config)
+      config.respond_to?(:angular_rails_csrf_same_site) ? config.angular_rails_csrf_same_site : :lax
+    end
+
+    def secure_from(config)
+      config.angular_rails_csrf_secure if config.respond_to?(:angular_rails_csrf_secure)
+    end
+
+    def domain_from(config)
+      config.respond_to?(:angular_rails_csrf_domain) ? config.angular_rails_csrf_domain : nil
+    end
+
+    def cookie_name_from(config)
+      config.respond_to?(:angular_rails_csrf_cookie_name) ? config.angular_rails_csrf_cookie_name : 'XSRF-TOKEN'
     end
 
     module ClassMethods

data/lib/angular_rails_csrf/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AngularRailsCsrf
-  VERSION = '4.0.1'
+  VERSION = '4.3.0'
 end

data/test/angular_rails_csrf_test.rb

@@ -31,6 +31,15 @@ class AngularRailsCsrfTest < ActionController::TestCase
     assert_response :success
   end
 
+  test 'csrf-cookie is not set if exclusion is enabled' do
+    refute @controller.respond_to?(:__exclude_xsrf_token_cookie?)
+    @controller.class_eval { exclude_xsrf_token_cookie }
+    get :index
+    assert_valid_cookie present: false
+    assert @controller.__exclude_xsrf_token_cookie?
+    assert_response :success
+  end
+
   test 'the domain is used if present' do
     config = Rails.application.config
     def config.angular_rails_csrf_domain
@@ -41,17 +50,68 @@ class AngularRailsCsrfTest < ActionController::TestCase
     assert @response.headers['Set-Cookie'].include?('.test.host')
     assert_valid_cookie
     assert_response :success
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
+  end
+
+  test 'the secure flag is set if configured' do
+    @request.headers['HTTPS'] = 'on'
+
+    config = Rails.application.config
+    config.define_singleton_method(:angular_rails_csrf_secure) { true }
+
+    get :index
+    assert @response.headers['Set-Cookie'].include?('secure')
+    assert_valid_cookie
+    assert_response :success
+  ensure
+    @request.headers['HTTPS'] = nil
+    config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
   end
 
   test 'a custom name is used if present' do
     use_custom_cookie_name do
       get :index
       assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
-      assert_valid_cookie('CUSTOM-COOKIE-NAME')
+      assert_valid_cookie name: 'CUSTOM-COOKIE-NAME'
       assert_response :success
     end
   end
 
+  test 'same_site is set to Lax by default' do
+    get :index
+    assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
+    assert_valid_cookie
+    assert_response :success
+  end
+
+  test 'same_site can be configured' do
+    config = Rails.application.config
+    config.define_singleton_method(:angular_rails_csrf_same_site) { :strict }
+
+    get :index
+    assert @response.headers['Set-Cookie'].include?('SameSite=Strict')
+    assert_valid_cookie
+    assert_response :success
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
+  end
+
+  test 'secure is set automatically when same_site is set to none' do
+    @request.headers['HTTPS'] = 'on'
+
+    config = Rails.application.config
+    config.define_singleton_method(:angular_rails_csrf_same_site) { :none }
+
+    get :index
+    assert @response.headers['Set-Cookie'].include?('SameSite=None')
+    assert @response.headers['Set-Cookie'].include?('secure')
+    assert_valid_cookie
+    assert_response :success
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
+  end
+
   private
 
   # Helpers
@@ -60,12 +120,10 @@ class AngularRailsCsrfTest < ActionController::TestCase
     @request.headers['X-XSRF-TOKEN'] = value
   end
 
-  def assert_valid_cookie(name = 'XSRF-TOKEN')
-    if @controller.respond_to?(:valid_authenticity_token?, true)
-      assert @controller.send(:valid_authenticity_token?, session, cookies[name])
-    else
-      assert_equal @controller.send(:form_authenticity_token), cookies['XSRF-TOKEN']
-    end
+  def assert_valid_cookie(name: 'XSRF-TOKEN', present: true)
+    cookie_valid = @controller.send(:valid_authenticity_token?, session, cookies[name])
+    cookie_valid = !cookie_valid unless present
+    assert cookie_valid
   end
 
   def use_custom_cookie_name

data/test/dummy/log/test.log

@@ -701,3 +701,921 @@ AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
 -----------------------------------------------------------------------------
 Processing by ApplicationController#create as HTML
 Completed 200 OK in 0ms (Allocations: 136)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 117)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 1ms (Allocations: 128)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 117)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 107)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 122)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 157)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 129)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 111)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 162)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 129)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 117)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 122)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 122)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 112)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 132)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 111)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 111)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 105)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: angular_rails_csrf
 version: !ruby/object:Gem::Version
-  version: 4.0.1
+  version: 4.3.0
 platform: ruby
 authors:
 - James Sanders
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-12-23 00:00:00.000000000 Z
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -45,14 +45,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.0.2.1
+        version: 6.0.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 6.0.2.1
+        version: 6.0.3
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -167,7 +167,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.5.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="