RubyGems - angular_rails_csrf - Versions diffs - 4.0.1 → 4.5.0 - Mend

angular_rails_csrf 4.0.1 → 4.5.0

Files changed (12) hide show

checksums.yaml +4 -4
data/README.md +47 -3
data/Rakefile +1 -2
data/lib/angular_rails_csrf/concern.rb +26 -9
data/lib/angular_rails_csrf/version.rb +1 -1
data/test/angular_rails_csrf_skip_test.rb +14 -0
data/test/angular_rails_csrf_test.rb +77 -7
data/test/dummy/app/controllers/api_controller.rb +7 -0
data/test/dummy/config.ru +1 -1
data/test/dummy/config/routes.rb +2 -0
data/test/dummy/log/test.log +1521 -0
metadata +10 -6

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c9550b1153d6fc3681ca5ab87e090a89e5e9749ed1970e615cc9de966d40443d
-  data.tar.gz: 1fdee9f015377a53a7b214fb6ceea26bf5662775c683a8adcc09c73b477bd9b1
+  metadata.gz: fbbe5d4e901a8407bab7ff813f821b21461330470f2e6002d4e3d1a818eea858
+  data.tar.gz: 0e69f2eefcb28ae04e1b3de4ba04d00e6e3977235b725fa26d83d46ce33bcd3f
 SHA512:
-  metadata.gz: 1fff34c1250992f66d5c6f7fd77aa46f1747aa6b8436e05590c92df76deeb7996fe1d3f172b1dc13608be7849d8d2454d0631d8e57b20f5babca9f3cbea0787c
-  data.tar.gz: 6514ee06c8126a9f095df879a0240d790d33d421925c3c0718fce7161cd6e00690ddf82d8fced4e3b32a9fd7d76d0f35659a2a0b6db6c4258253f1bf7c1a47de
+  metadata.gz: 8ab71939bec130bfc22e79dabff8e904591990c178b03de610cb5592aa41bb6aeab73cf34340efe77592179c94b1b455029ee50f94955eca2f2bb28955f4f3f1
+  data.tar.gz: 0571fe4d59a0ed421942c37f357d34b3fd05f2fa8f5a98801d327d9054bf8cb5123f4b2c833053a34e82d96d103e53300d29c3303628c1c6d2a2d63bd43c07b7

data/README.md CHANGED

@@ -10,7 +10,7 @@ This project adds direct support for this scheme to your Rails application witho
 Note that there is nothing AngularJS specific here, and this will work with any other front-end that implements the same scheme.
-Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatability) to learn which Rails/Rubies are currently supported.
+Check [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility) to learn which Rails/Rubies are currently supported.
 ## Installation
@@ -52,6 +52,50 @@ end
 If `angular_rails_csrf_domain` is not set, it defaults to `nil`.
+### Secure Cookie
+To set a "secure" flag for the cookie, set the `angular_rails_csrf_secure` option to `true`:
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_secure = true
+end
+```
+`angular_rails_csrf_secure` defaults to `false`.
+### SameSite
+The SameSite attribute defaults to `:lax`. You can override this in the config:
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_same_site = :strict
+end
+```
+**NOTE**: When using `config.angular_rails_csrf_same_site = :none`, this gem automatically sets the cookie to `Secure` (`config.angular_rails_csrf_secure = true`) to comply with [the specifications](https://tools.ietf.org/html/draft-west-cookie-incrementalism-00).
+Please note that [Safari is known to have issues](https://bugs.webkit.org/show_bug.cgi?id=198181) with SameSite attribute set to `:none`.
+### HttpOnly Cookie
+To set the ["httponly" flag](https://owasp.org/www-community/HttpOnly) for your cookie, set the `angular_rails_csrf_httponly` option to `true`:
+```ruby
+# application.rb
+class Application < Rails::Application
+  #...
+  config.angular_rails_csrf_httponly = true
+end
+```
+`angular_rails_csrf_httponly` defaults to `false`.
 ### Exclusions
 Sometimes you will want to skip setting the XSRF token for certain controllers (for example, when using SSE or ActionCable, as discussed [here](https://github.com/jsanders/angular_rails_csrf/issues/7)):
@@ -59,7 +103,7 @@ Sometimes you will want to skip setting the XSRF token for certain controllers (
 ```ruby
 class ExclusionsController < ApplicationController
   exclude_xsrf_token_cookie
   # your actions here...
 end
 ```
@@ -78,6 +122,6 @@ and then
 $ rake test
 ```
-## License
+## License
 Licensed under the [MIT License](https://github.com/jsanders/angular_rails_csrf/blob/master/LICENSE).

data/Rakefile CHANGED

@@ -21,8 +21,7 @@ Bundler::GemHelper.install_tasks
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
-  t.libs << 'test'
+  t.libs = %w[lib test]
   t.pattern = 'test/**/*_test.rb'
   t.verbose = false
 end

data/lib/angular_rails_csrf/concern.rb CHANGED

@@ -9,20 +9,37 @@ module AngularRailsCsrf
     end
     def set_xsrf_token_cookie
-      return unless protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
+      return unless defined?(protect_against_forgery?) && protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
       config = Rails.application.config
-      domain = config.respond_to?(:angular_rails_csrf_domain) ? config.angular_rails_csrf_domain : nil
-      cookie_name = config.respond_to?(:angular_rails_csrf_cookie_name) ? config.angular_rails_csrf_cookie_name : 'XSRF-TOKEN'
-      cookies[cookie_name] = {value: form_authenticity_token, domain: domain}
+      secure = option_from config, :angular_rails_csrf_secure
+      same_site = option_from config, :angular_rails_csrf_same_site, :lax
+      cookie_options = {
+        value: form_authenticity_token,
+        domain: option_from(config, :angular_rails_csrf_domain),
+        same_site: same_site,
+        httponly: option_from(config, :angular_rails_csrf_httponly, false),
+        secure: same_site.eql?(:none) || secure
+      }
+      cookie_name = option_from(config,
+                                :angular_rails_csrf_cookie_name,
+                                'XSRF-TOKEN')
+      cookies[cookie_name] = cookie_options
     end
     def verified_request?
-      if respond_to?(:valid_authenticity_token?, true)
-        super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
-      else
-        super || form_authenticity_token == request.headers['X-XSRF-TOKEN']
-      end
+      super || valid_authenticity_token?(session, request.headers['X-XSRF-TOKEN'])
+    end
+    private
+    # Fetches the given option from config
+    # If the option is not set, return a default value
+    def option_from(config, option, default = nil)
+      config.respond_to?(option) ? config.send(option) : default
     end
     module ClassMethods

data/lib/angular_rails_csrf/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module AngularRailsCsrf
-  VERSION = '4.0.1'
+  VERSION = '4.5.0'
 end

data/test/angular_rails_csrf_skip_test.rb ADDED

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+require 'test_helper'
+class AngularRailsCsrfSkipTest < ActionController::TestCase
+  tests ApiController
+  test 'csrf-cookie is not set and no error if protect_against_forgery? is not defined' do
+    refute @controller.respond_to?(:protect_against_forgery?)
+    get :index
+    assert_nil cookies['XSRF-TOKEN']
+    assert_response :success
+  end
+end

data/test/angular_rails_csrf_test.rb CHANGED

@@ -31,6 +31,15 @@ class AngularRailsCsrfTest < ActionController::TestCase
     assert_response :success
   end
+  test 'csrf-cookie is not set if exclusion is enabled' do
+    refute @controller.respond_to?(:__exclude_xsrf_token_cookie?)
+    @controller.class_eval { exclude_xsrf_token_cookie }
+    get :index
+    assert_valid_cookie present: false
+    assert @controller.__exclude_xsrf_token_cookie?
+    assert_response :success
+  end
   test 'the domain is used if present' do
     config = Rails.application.config
     def config.angular_rails_csrf_domain
@@ -41,17 +50,80 @@ class AngularRailsCsrfTest < ActionController::TestCase
     assert @response.headers['Set-Cookie'].include?('.test.host')
     assert_valid_cookie
     assert_response :success
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
+  end
+  test 'the secure flag is set if configured' do
+    @request.headers['HTTPS'] = 'on'
+    config = Rails.application.config
+    config.define_singleton_method(:angular_rails_csrf_secure) { true }
+    get :index
+    assert @response.headers['Set-Cookie'].include?('secure')
+    assert_valid_cookie
+    assert_response :success
+  ensure
+    @request.headers['HTTPS'] = nil
+    config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
   end
   test 'a custom name is used if present' do
     use_custom_cookie_name do
       get :index
       assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
-      assert_valid_cookie('CUSTOM-COOKIE-NAME')
+      assert_valid_cookie name: 'CUSTOM-COOKIE-NAME'
       assert_response :success
     end
   end
+  test 'the httponly flag is set if configured' do
+    config = Rails.application.config
+    config.define_singleton_method(:angular_rails_csrf_httponly) { true }
+    get :index
+    assert @response.headers['Set-Cookie'].include?('HttpOnly')
+    assert_valid_cookie
+    assert_response :success
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_httponly', __FILE__, __LINE__)
+  end
+  test 'same_site is set to Lax by default' do
+    get :index
+    assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
+    assert_valid_cookie
+    assert_response :success
+  end
+  test 'same_site can be configured' do
+    config = Rails.application.config
+    config.define_singleton_method(:angular_rails_csrf_same_site) { :strict }
+    get :index
+    assert @response.headers['Set-Cookie'].include?('SameSite=Strict')
+    assert_valid_cookie
+    assert_response :success
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
+  end
+  test 'secure is set automatically when same_site is set to none' do
+    @request.headers['HTTPS'] = 'on'
+    config = Rails.application.config
+    config.define_singleton_method(:angular_rails_csrf_same_site) { :none }
+    get :index
+    assert @response.headers['Set-Cookie'].include?('SameSite=None')
+    assert @response.headers['Set-Cookie'].include?('secure')
+    assert_valid_cookie
+    assert_response :success
+  ensure
+    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
+  end
   private
   # Helpers
@@ -60,12 +132,10 @@ class AngularRailsCsrfTest < ActionController::TestCase
     @request.headers['X-XSRF-TOKEN'] = value
   end
-  def assert_valid_cookie(name = 'XSRF-TOKEN')
-    if @controller.respond_to?(:valid_authenticity_token?, true)
-      assert @controller.send(:valid_authenticity_token?, session, cookies[name])
-    else
-      assert_equal @controller.send(:form_authenticity_token), cookies['XSRF-TOKEN']
-    end
+  def assert_valid_cookie(name: 'XSRF-TOKEN', present: true)
+    cookie_valid = @controller.send(:valid_authenticity_token?, session, cookies[name])
+    cookie_valid = !cookie_valid unless present
+    assert cookie_valid
   end
   def use_custom_cookie_name

data/test/dummy/app/controllers/api_controller.rb ADDED

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+class ApiController < ActionController::API
+  def index
+    head :ok
+  end
+end

data/test/dummy/config.ru CHANGED

@@ -2,5 +2,5 @@
 # This file is used by Rack-based servers to start the application.
-require ::File.expand_path('../config/environment', __FILE__)
+require ::File.expand_path('config/environment', __dir__)
 run Rails.application

data/test/dummy/config/routes.rb CHANGED

@@ -5,4 +5,6 @@ Dummy::Application.routes.draw do
   post 'test' => 'application#create'
   get 'exclusions' => 'exclusions#index'
+  get 'index' => 'api#index'
 end

data/test/dummy/log/test.log CHANGED

@@ -701,3 +701,1524 @@ AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
 -----------------------------------------------------------------------------
 Processing by ApplicationController#create as HTML
 Completed 200 OK in 0ms (Allocations: 136)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 117)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 1ms (Allocations: 128)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 117)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 107)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 122)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 157)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 129)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 111)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 162)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 129)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------
+AngularRailsCsrfTest: test_exclude
+----------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 117)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 122)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 122)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 112)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 132)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 111)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 111)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 105)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 174)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 117)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 106)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 132)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 116)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 121)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 129)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 119)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 162)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 148)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 120)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 108)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 109)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 115)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 109)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 116)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 115)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 120)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+-------------------------------------------------------------------------------------------------------------
+AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
+-------------------------------------------------------------------------------------------------------------
+Processing by ApiController#index as HTML
+Completed 200 OK in 0ms (Allocations: 84)
+-------------------------------------------------------------------------------------------------------------
+AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
+-------------------------------------------------------------------------------------------------------------
+Processing by ApiController#index as HTML
+Completed 200 OK in 0ms (Allocations: 88)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 192)
+-----------------------------------------------------------------
+AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
+-----------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 105)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 115)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+-------------------------------------------------------------------------------------------------------------
+AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
+-------------------------------------------------------------------------------------------------------------
+Processing by ApiController#index as HTML
+Completed 200 OK in 0ms (Allocations: 88)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 12ms (Allocations: 3012)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 5ms (Allocations: 2927)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 111)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 6ms (Allocations: 2927)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 5ms (Allocations: 2927)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 5ms (Allocations: 2927)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 5ms (Allocations: 2927)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 500 Internal Server Error in 6ms (Allocations: 3046)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 5ms (Allocations: 2927)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+-----------------------------------------------------------------
+AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
+-----------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 500 Internal Server Error in 5ms (Allocations: 2927)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+-------------------------------------------------------------------------------------------------------------
+AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
+-------------------------------------------------------------------------------------------------------------
+Processing by ApiController#index as HTML
+Completed 200 OK in 0ms (Allocations: 88)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 128)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 114)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 1ms (Allocations: 104)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 116)
+-----------------------------------------------------------------
+AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
+-----------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 115)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 98)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 125)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)
+-------------------------------------------------------------------------------------------------------------
+AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
+-------------------------------------------------------------------------------------------------------------
+Processing by ApiController#index as HTML
+Completed 200 OK in 0ms (Allocations: 88)
+-----------------------------------------------------------------
+AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
+-----------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 168)
+-----------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
+-----------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Completed 200 OK in 0ms (Allocations: 131)
+-------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
+-------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 105)
+---------------------------------------------------------------
+AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
+---------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+--------------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
+--------------------------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-------------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
+-------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
+------------------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------
+AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
+-----------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+-----------------------------------------------------------------------------------------------------
+AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
+-----------------------------------------------------------------------------------------------------
+Processing by ApplicationController#create as HTML
+Can't verify CSRF token authenticity.
+Completed 422 Unprocessable Entity in 0ms (Allocations: 103)
+--------------------------------------------------------
+AngularRailsCsrfTest: test_the_domain_is_used_if_present
+--------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 115)
+-------------------------------------------------------------------------
+AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
+-------------------------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 74)
+------------------------------------------------------
+AngularRailsCsrfTest: test_same_site_can_be_configured
+------------------------------------------------------
+Processing by ApplicationController#index as HTML
+Completed 200 OK in 0ms (Allocations: 104)
+----------------------------------------------------------------------------
+AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
+----------------------------------------------------------------------------
+Processing by ExclusionsController#index as HTML
+Completed 200 OK in 0ms (Allocations: 71)