angular_rails_csrf 5.0.0 → 6.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -2
- data/lib/angular_rails_csrf/concern.rb +22 -13
- data/lib/angular_rails_csrf/version.rb +1 -1
- metadata +6 -132
- data/test/angular_rails_csrf_exception_test.rb +0 -18
- data/test/angular_rails_csrf_skip_test.rb +0 -14
- data/test/angular_rails_csrf_test.rb +0 -152
- data/test/dummy/app/assets/config/manifest.js +0 -4
- data/test/dummy/app/controllers/api_controller.rb +0 -7
- data/test/dummy/app/controllers/application_controller.rb +0 -13
- data/test/dummy/app/controllers/exclusions_controller.rb +0 -9
- data/test/dummy/config/application.rb +0 -16
- data/test/dummy/config/boot.rb +0 -6
- data/test/dummy/config/environment.rb +0 -7
- data/test/dummy/config/routes.rb +0 -10
- data/test/dummy/config.ru +0 -6
- data/test/dummy/log/test.log +0 -144
- data/test/test_helper.rb +0 -18
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fd1f93c61de73220bcc0827bc1b460b0fd4440f5ec8597b01687aa2e0d50800e
|
4
|
+
data.tar.gz: 0a0133f2183e46d61798a0501ce8ebff0c43310210c8fdd245b8436289e10756
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fff212dd32057d2b57b26331d859354c4e969593e8e03901d8d002ac112b11694a04d47bd8432d4bd7e90ad52d1a3b14ec150e26d297f714891fab72c42a9b6a
|
7
|
+
data.tar.gz: d126f472156857b4b7460514de8fffe786ee697caee3835059bf8794cfbc5344e1c8c7473312fdb53bed369cf1622950f3b08f3c6acd7d70da009483d8e9e37e
|
data/README.md
CHANGED
@@ -1,8 +1,7 @@
|
|
1
1
|
## AngularJS-style CSRF Protection for Rails
|
2
2
|
|
3
3
|

|
4
|
-
|
5
|
-
[](https://codecov.io/gh/jsanders/angular_rails_csrf)
|
4
|
+

|
6
5
|

|
7
6
|
|
8
7
|
The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.
|
@@ -9,25 +9,15 @@ module AngularRailsCsrf
|
|
9
9
|
end
|
10
10
|
|
11
11
|
def set_xsrf_token_cookie
|
12
|
-
return unless
|
12
|
+
return unless forgery_protection_enabled?
|
13
13
|
|
14
14
|
config = Rails.application.config
|
15
15
|
|
16
|
-
secure = option_from config, :angular_rails_csrf_secure
|
17
|
-
same_site = option_from config, :angular_rails_csrf_same_site, :lax
|
18
|
-
|
19
|
-
cookie_options = {
|
20
|
-
value: form_authenticity_token,
|
21
|
-
domain: option_from(config, :angular_rails_csrf_domain),
|
22
|
-
same_site: same_site,
|
23
|
-
httponly: option_from(config, :angular_rails_csrf_httponly, false),
|
24
|
-
secure: same_site.eql?(:none) || secure
|
25
|
-
}
|
26
|
-
|
27
16
|
cookie_name = option_from(config,
|
28
17
|
:angular_rails_csrf_cookie_name,
|
29
18
|
'XSRF-TOKEN')
|
30
|
-
|
19
|
+
|
20
|
+
cookies[cookie_name] = cookie_options_from(config)
|
31
21
|
end
|
32
22
|
|
33
23
|
def verified_request?
|
@@ -36,12 +26,31 @@ module AngularRailsCsrf
|
|
36
26
|
|
37
27
|
private
|
38
28
|
|
29
|
+
def cookie_options_from(config)
|
30
|
+
secure = option_from config, :angular_rails_csrf_secure
|
31
|
+
same_site = option_from config, :angular_rails_csrf_same_site, :lax
|
32
|
+
|
33
|
+
{
|
34
|
+
value: form_authenticity_token,
|
35
|
+
domain: option_from(config, :angular_rails_csrf_domain),
|
36
|
+
same_site: same_site,
|
37
|
+
httponly: option_from(config, :angular_rails_csrf_httponly, false),
|
38
|
+
secure: same_site.eql?(:none) || secure
|
39
|
+
}
|
40
|
+
end
|
41
|
+
|
39
42
|
# Fetches the given option from config
|
40
43
|
# If the option is not set, return a default value
|
41
44
|
def option_from(config, option, default = nil)
|
42
45
|
config.respond_to?(option) ? config.send(option) : default
|
43
46
|
end
|
44
47
|
|
48
|
+
def forgery_protection_enabled?
|
49
|
+
defined?(protect_against_forgery?) &&
|
50
|
+
protect_against_forgery? &&
|
51
|
+
!respond_to?(:__exclude_xsrf_token_cookie?)
|
52
|
+
end
|
53
|
+
|
45
54
|
module ClassMethods
|
46
55
|
def exclude_xsrf_token_cookie
|
47
56
|
class_eval do
|
metadata
CHANGED
@@ -1,58 +1,16 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: angular_rails_csrf
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 6.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- James Sanders
|
8
|
-
- Ilya
|
8
|
+
- Ilya Krukowski
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2023-11-14 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
|
-
- !ruby/object:Gem::Dependency
|
15
|
-
name: rake
|
16
|
-
requirement: !ruby/object:Gem::Requirement
|
17
|
-
requirements:
|
18
|
-
- - "~>"
|
19
|
-
- !ruby/object:Gem::Version
|
20
|
-
version: '13.0'
|
21
|
-
type: :development
|
22
|
-
prerelease: false
|
23
|
-
version_requirements: !ruby/object:Gem::Requirement
|
24
|
-
requirements:
|
25
|
-
- - "~>"
|
26
|
-
- !ruby/object:Gem::Version
|
27
|
-
version: '13.0'
|
28
|
-
- !ruby/object:Gem::Dependency
|
29
|
-
name: test-unit
|
30
|
-
requirement: !ruby/object:Gem::Requirement
|
31
|
-
requirements:
|
32
|
-
- - "~>"
|
33
|
-
- !ruby/object:Gem::Version
|
34
|
-
version: '3.2'
|
35
|
-
type: :development
|
36
|
-
prerelease: false
|
37
|
-
version_requirements: !ruby/object:Gem::Requirement
|
38
|
-
requirements:
|
39
|
-
- - "~>"
|
40
|
-
- !ruby/object:Gem::Version
|
41
|
-
version: '3.2'
|
42
|
-
- !ruby/object:Gem::Dependency
|
43
|
-
name: rails
|
44
|
-
requirement: !ruby/object:Gem::Requirement
|
45
|
-
requirements:
|
46
|
-
- - '='
|
47
|
-
- !ruby/object:Gem::Version
|
48
|
-
version: 7.0.0.rc1
|
49
|
-
type: :development
|
50
|
-
prerelease: false
|
51
|
-
version_requirements: !ruby/object:Gem::Requirement
|
52
|
-
requirements:
|
53
|
-
- - '='
|
54
|
-
- !ruby/object:Gem::Version
|
55
|
-
version: 7.0.0.rc1
|
56
14
|
- !ruby/object:Gem::Dependency
|
57
15
|
name: railties
|
58
16
|
requirement: !ruby/object:Gem::Requirement
|
@@ -73,62 +31,6 @@ dependencies:
|
|
73
31
|
- - "<"
|
74
32
|
- !ruby/object:Gem::Version
|
75
33
|
version: '8'
|
76
|
-
- !ruby/object:Gem::Dependency
|
77
|
-
name: codecov
|
78
|
-
requirement: !ruby/object:Gem::Requirement
|
79
|
-
requirements:
|
80
|
-
- - "~>"
|
81
|
-
- !ruby/object:Gem::Version
|
82
|
-
version: '0.2'
|
83
|
-
type: :development
|
84
|
-
prerelease: false
|
85
|
-
version_requirements: !ruby/object:Gem::Requirement
|
86
|
-
requirements:
|
87
|
-
- - "~>"
|
88
|
-
- !ruby/object:Gem::Version
|
89
|
-
version: '0.2'
|
90
|
-
- !ruby/object:Gem::Dependency
|
91
|
-
name: rubocop
|
92
|
-
requirement: !ruby/object:Gem::Requirement
|
93
|
-
requirements:
|
94
|
-
- - "~>"
|
95
|
-
- !ruby/object:Gem::Version
|
96
|
-
version: '1.0'
|
97
|
-
type: :development
|
98
|
-
prerelease: false
|
99
|
-
version_requirements: !ruby/object:Gem::Requirement
|
100
|
-
requirements:
|
101
|
-
- - "~>"
|
102
|
-
- !ruby/object:Gem::Version
|
103
|
-
version: '1.0'
|
104
|
-
- !ruby/object:Gem::Dependency
|
105
|
-
name: rubocop-performance
|
106
|
-
requirement: !ruby/object:Gem::Requirement
|
107
|
-
requirements:
|
108
|
-
- - "~>"
|
109
|
-
- !ruby/object:Gem::Version
|
110
|
-
version: '1.5'
|
111
|
-
type: :development
|
112
|
-
prerelease: false
|
113
|
-
version_requirements: !ruby/object:Gem::Requirement
|
114
|
-
requirements:
|
115
|
-
- - "~>"
|
116
|
-
- !ruby/object:Gem::Version
|
117
|
-
version: '1.5'
|
118
|
-
- !ruby/object:Gem::Dependency
|
119
|
-
name: simplecov
|
120
|
-
requirement: !ruby/object:Gem::Requirement
|
121
|
-
requirements:
|
122
|
-
- - "~>"
|
123
|
-
- !ruby/object:Gem::Version
|
124
|
-
version: '0.16'
|
125
|
-
type: :development
|
126
|
-
prerelease: false
|
127
|
-
version_requirements: !ruby/object:Gem::Requirement
|
128
|
-
requirements:
|
129
|
-
- - "~>"
|
130
|
-
- !ruby/object:Gem::Version
|
131
|
-
version: '0.16'
|
132
34
|
description: AngularJS style CSRF protection for Rails
|
133
35
|
email:
|
134
36
|
- sanderjd@gmail.com
|
@@ -143,20 +45,6 @@ files:
|
|
143
45
|
- lib/angular_rails_csrf/concern.rb
|
144
46
|
- lib/angular_rails_csrf/railtie.rb
|
145
47
|
- lib/angular_rails_csrf/version.rb
|
146
|
-
- test/angular_rails_csrf_exception_test.rb
|
147
|
-
- test/angular_rails_csrf_skip_test.rb
|
148
|
-
- test/angular_rails_csrf_test.rb
|
149
|
-
- test/dummy/app/assets/config/manifest.js
|
150
|
-
- test/dummy/app/controllers/api_controller.rb
|
151
|
-
- test/dummy/app/controllers/application_controller.rb
|
152
|
-
- test/dummy/app/controllers/exclusions_controller.rb
|
153
|
-
- test/dummy/config.ru
|
154
|
-
- test/dummy/config/application.rb
|
155
|
-
- test/dummy/config/boot.rb
|
156
|
-
- test/dummy/config/environment.rb
|
157
|
-
- test/dummy/config/routes.rb
|
158
|
-
- test/dummy/log/test.log
|
159
|
-
- test/test_helper.rb
|
160
48
|
homepage: https://github.com/jsanders/angular_rails_csrf
|
161
49
|
licenses:
|
162
50
|
- MIT
|
@@ -170,29 +58,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
170
58
|
requirements:
|
171
59
|
- - ">="
|
172
60
|
- !ruby/object:Gem::Version
|
173
|
-
version:
|
61
|
+
version: '3.0'
|
174
62
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
175
63
|
requirements:
|
176
64
|
- - ">="
|
177
65
|
- !ruby/object:Gem::Version
|
178
66
|
version: '0'
|
179
67
|
requirements: []
|
180
|
-
rubygems_version: 3.
|
68
|
+
rubygems_version: 3.4.21
|
181
69
|
signing_key:
|
182
70
|
specification_version: 4
|
183
71
|
summary: Support for AngularJS $http service style CSRF protection in Rails
|
184
|
-
test_files:
|
185
|
-
- test/angular_rails_csrf_exception_test.rb
|
186
|
-
- test/angular_rails_csrf_skip_test.rb
|
187
|
-
- test/angular_rails_csrf_test.rb
|
188
|
-
- test/dummy/app/assets/config/manifest.js
|
189
|
-
- test/dummy/app/controllers/api_controller.rb
|
190
|
-
- test/dummy/app/controllers/application_controller.rb
|
191
|
-
- test/dummy/app/controllers/exclusions_controller.rb
|
192
|
-
- test/dummy/config/application.rb
|
193
|
-
- test/dummy/config/boot.rb
|
194
|
-
- test/dummy/config/environment.rb
|
195
|
-
- test/dummy/config/routes.rb
|
196
|
-
- test/dummy/config.ru
|
197
|
-
- test/dummy/log/test.log
|
198
|
-
- test/test_helper.rb
|
72
|
+
test_files: []
|
@@ -1,18 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'test_helper'
|
4
|
-
|
5
|
-
class AngularRailsCsrfExceptionTest < ActionController::TestCase
|
6
|
-
tests ExclusionsController
|
7
|
-
|
8
|
-
setup do
|
9
|
-
@controller.allow_forgery_protection = true
|
10
|
-
@correct_token = @controller.send(:form_authenticity_token)
|
11
|
-
end
|
12
|
-
|
13
|
-
test 'a get does not set the XSRF-TOKEN cookie' do
|
14
|
-
get :index
|
15
|
-
assert_not_equal @correct_token, cookies['XSRF-TOKEN']
|
16
|
-
assert_response :success
|
17
|
-
end
|
18
|
-
end
|
@@ -1,14 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'test_helper'
|
4
|
-
|
5
|
-
class AngularRailsCsrfSkipTest < ActionController::TestCase
|
6
|
-
tests ApiController
|
7
|
-
|
8
|
-
test 'csrf-cookie is not set and no error if protect_against_forgery? is not defined' do
|
9
|
-
refute @controller.respond_to?(:protect_against_forgery?)
|
10
|
-
get :index
|
11
|
-
assert_nil cookies['XSRF-TOKEN']
|
12
|
-
assert_response :success
|
13
|
-
end
|
14
|
-
end
|
@@ -1,152 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require 'test_helper'
|
4
|
-
|
5
|
-
class AngularRailsCsrfTest < ActionController::TestCase
|
6
|
-
tests ApplicationController
|
7
|
-
|
8
|
-
test 'a get sets the XSRF-TOKEN cookie but does not require the X-XSRF-TOKEN header' do
|
9
|
-
get :index
|
10
|
-
assert_valid_cookie
|
11
|
-
assert_response :success
|
12
|
-
end
|
13
|
-
|
14
|
-
test 'a post raises an error without the X-XSRF-TOKEN header set' do
|
15
|
-
assert_raises ActionController::InvalidAuthenticityToken do
|
16
|
-
post :create
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
test 'a post raises an error with the X-XSRF-TOKEN header set to the wrong value' do
|
21
|
-
header_to 'garbage'
|
22
|
-
assert_raises ActionController::InvalidAuthenticityToken do
|
23
|
-
post :create
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
test 'a post is accepted if X-XSRF-TOKEN is set properly' do
|
28
|
-
header_to @controller.send(:form_authenticity_token)
|
29
|
-
post :create
|
30
|
-
assert_valid_cookie
|
31
|
-
assert_response :success
|
32
|
-
end
|
33
|
-
|
34
|
-
test 'csrf-cookie is not set if exclusion is enabled' do
|
35
|
-
refute @controller.respond_to?(:__exclude_xsrf_token_cookie?)
|
36
|
-
@controller.class_eval { exclude_xsrf_token_cookie }
|
37
|
-
get :index
|
38
|
-
assert_valid_cookie present: false
|
39
|
-
assert @controller.__exclude_xsrf_token_cookie?
|
40
|
-
assert_response :success
|
41
|
-
end
|
42
|
-
|
43
|
-
test 'the domain is used if present' do
|
44
|
-
config = Rails.application.config
|
45
|
-
def config.angular_rails_csrf_domain
|
46
|
-
:all
|
47
|
-
end
|
48
|
-
|
49
|
-
get :index
|
50
|
-
assert @response.headers['Set-Cookie'].include?('.test.host')
|
51
|
-
assert_valid_cookie
|
52
|
-
assert_response :success
|
53
|
-
ensure
|
54
|
-
config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
|
55
|
-
end
|
56
|
-
|
57
|
-
test 'the secure flag is set if configured' do
|
58
|
-
@request.headers['HTTPS'] = 'on'
|
59
|
-
|
60
|
-
config = Rails.application.config
|
61
|
-
config.define_singleton_method(:angular_rails_csrf_secure) { true }
|
62
|
-
|
63
|
-
get :index
|
64
|
-
assert @response.headers['Set-Cookie'].include?('secure')
|
65
|
-
assert_valid_cookie
|
66
|
-
assert_response :success
|
67
|
-
ensure
|
68
|
-
@request.headers['HTTPS'] = nil
|
69
|
-
config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
|
70
|
-
end
|
71
|
-
|
72
|
-
test 'a custom name is used if present' do
|
73
|
-
use_custom_cookie_name do
|
74
|
-
get :index
|
75
|
-
assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
|
76
|
-
assert_valid_cookie name: 'CUSTOM-COOKIE-NAME'
|
77
|
-
assert_response :success
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
test 'the httponly flag is set if configured' do
|
82
|
-
config = Rails.application.config
|
83
|
-
config.define_singleton_method(:angular_rails_csrf_httponly) { true }
|
84
|
-
|
85
|
-
get :index
|
86
|
-
assert @response.headers['Set-Cookie'].include?('HttpOnly')
|
87
|
-
assert_valid_cookie
|
88
|
-
assert_response :success
|
89
|
-
ensure
|
90
|
-
config.instance_eval('undef :angular_rails_csrf_httponly', __FILE__, __LINE__)
|
91
|
-
end
|
92
|
-
|
93
|
-
test 'same_site is set to Lax by default' do
|
94
|
-
get :index
|
95
|
-
assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
|
96
|
-
assert_valid_cookie
|
97
|
-
assert_response :success
|
98
|
-
end
|
99
|
-
|
100
|
-
test 'same_site can be configured' do
|
101
|
-
config = Rails.application.config
|
102
|
-
config.define_singleton_method(:angular_rails_csrf_same_site) { :strict }
|
103
|
-
|
104
|
-
get :index
|
105
|
-
assert @response.headers['Set-Cookie'].include?('SameSite=Strict')
|
106
|
-
assert_valid_cookie
|
107
|
-
assert_response :success
|
108
|
-
ensure
|
109
|
-
config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
|
110
|
-
end
|
111
|
-
|
112
|
-
test 'secure is set automatically when same_site is set to none' do
|
113
|
-
@request.headers['HTTPS'] = 'on'
|
114
|
-
|
115
|
-
config = Rails.application.config
|
116
|
-
config.define_singleton_method(:angular_rails_csrf_same_site) { :none }
|
117
|
-
|
118
|
-
get :index
|
119
|
-
assert @response.headers['Set-Cookie'].include?('SameSite=None')
|
120
|
-
assert @response.headers['Set-Cookie'].include?('secure')
|
121
|
-
assert_valid_cookie
|
122
|
-
assert_response :success
|
123
|
-
ensure
|
124
|
-
config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
|
125
|
-
end
|
126
|
-
|
127
|
-
private
|
128
|
-
|
129
|
-
# Helpers
|
130
|
-
|
131
|
-
def header_to(value)
|
132
|
-
@request.headers['X-XSRF-TOKEN'] = value
|
133
|
-
end
|
134
|
-
|
135
|
-
def assert_valid_cookie(name: 'XSRF-TOKEN', present: true)
|
136
|
-
cookie_valid = @controller.send(:valid_authenticity_token?, session, cookies[name])
|
137
|
-
cookie_valid = !cookie_valid unless present
|
138
|
-
assert cookie_valid
|
139
|
-
end
|
140
|
-
|
141
|
-
def use_custom_cookie_name
|
142
|
-
config = Rails.application.config
|
143
|
-
def config.angular_rails_csrf_cookie_name
|
144
|
-
'CUSTOM-COOKIE-NAME'
|
145
|
-
end
|
146
|
-
yield
|
147
|
-
ensure
|
148
|
-
eval <<-RUBY, binding, __FILE__, __LINE__ + 1
|
149
|
-
config.instance_eval('undef :angular_rails_csrf_cookie_name')
|
150
|
-
RUBY
|
151
|
-
end
|
152
|
-
end
|
@@ -1,16 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
require File.expand_path('boot', __dir__)
|
4
|
-
|
5
|
-
require 'action_controller/railtie'
|
6
|
-
|
7
|
-
Bundler.require(:default, Rails.env)
|
8
|
-
require 'angular_rails_csrf'
|
9
|
-
|
10
|
-
module Dummy
|
11
|
-
class Application < Rails::Application
|
12
|
-
config.secret_key_base = '5e6b6d2bd7bf26d02679ac958b520adf41b211eb0b8f33742abc5437711d0ad314baf13efc0d35d7568d2e469668a7021cf5e945c667bd16507777aedb770f83'
|
13
|
-
config.eager_load = false # You get yelled at if you don't set this
|
14
|
-
config.active_support.test_order = :random
|
15
|
-
end
|
16
|
-
end
|
data/test/dummy/config/boot.rb
DELETED
data/test/dummy/config/routes.rb
DELETED
data/test/dummy/config.ru
DELETED
data/test/dummy/log/test.log
DELETED
@@ -1,144 +0,0 @@
|
|
1
|
-
----------------------------------------------------------------------------
|
2
|
-
AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
|
3
|
-
----------------------------------------------------------------------------
|
4
|
-
Processing by ExclusionsController#index as HTML
|
5
|
-
Completed 200 OK in 0ms (Allocations: 214)
|
6
|
-
-------------------------------------------------------------------------------------------------------------
|
7
|
-
AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
|
8
|
-
-------------------------------------------------------------------------------------------------------------
|
9
|
-
Processing by ApiController#index as HTML
|
10
|
-
Completed 200 OK in 0ms (Allocations: 106)
|
11
|
-
--------------------------------------------------------
|
12
|
-
AngularRailsCsrfTest: test_the_domain_is_used_if_present
|
13
|
-
--------------------------------------------------------
|
14
|
-
Processing by ApplicationController#index as HTML
|
15
|
-
Completed 200 OK in 0ms (Allocations: 195)
|
16
|
-
------------------------------------------------------
|
17
|
-
AngularRailsCsrfTest: test_same_site_can_be_configured
|
18
|
-
------------------------------------------------------
|
19
|
-
Processing by ApplicationController#index as HTML
|
20
|
-
Completed 200 OK in 0ms (Allocations: 94)
|
21
|
-
-------------------------------------------------------------------------
|
22
|
-
AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
|
23
|
-
-------------------------------------------------------------------------
|
24
|
-
Processing by ApplicationController#index as HTML
|
25
|
-
Completed 200 OK in 0ms (Allocations: 91)
|
26
|
-
-------------------------------------------------------------------------------------
|
27
|
-
AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
|
28
|
-
-------------------------------------------------------------------------------------
|
29
|
-
Processing by ApplicationController#create as HTML
|
30
|
-
Can't verify CSRF token authenticity.
|
31
|
-
Completed 422 Unprocessable Entity in 0ms (Allocations: 182)
|
32
|
-
-----------------------------------------------------------
|
33
|
-
AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
|
34
|
-
-----------------------------------------------------------
|
35
|
-
Processing by ApplicationController#index as HTML
|
36
|
-
Completed 200 OK in 0ms (Allocations: 114)
|
37
|
-
-----------------------------------------------------------------------------
|
38
|
-
AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
|
39
|
-
-----------------------------------------------------------------------------
|
40
|
-
Processing by ApplicationController#create as HTML
|
41
|
-
Completed 200 OK in 0ms (Allocations: 105)
|
42
|
-
------------------------------------------------------------------------------------
|
43
|
-
AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
|
44
|
-
------------------------------------------------------------------------------------
|
45
|
-
Processing by ApplicationController#index as HTML
|
46
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
47
|
-
--------------------------------------------------------------------------------------------------------
|
48
|
-
AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
|
49
|
-
--------------------------------------------------------------------------------------------------------
|
50
|
-
Processing by ApplicationController#index as HTML
|
51
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
52
|
-
-------------------------------------------------------------
|
53
|
-
AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
|
54
|
-
-------------------------------------------------------------
|
55
|
-
Processing by ApplicationController#index as HTML
|
56
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
57
|
-
---------------------------------------------------------------
|
58
|
-
AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
|
59
|
-
---------------------------------------------------------------
|
60
|
-
Processing by ApplicationController#index as HTML
|
61
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
62
|
-
-----------------------------------------------------------------------------------------------------
|
63
|
-
AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
|
64
|
-
-----------------------------------------------------------------------------------------------------
|
65
|
-
Processing by ApplicationController#create as HTML
|
66
|
-
Can't verify CSRF token authenticity.
|
67
|
-
Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
|
68
|
-
-----------------------------------------------------------------
|
69
|
-
AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
|
70
|
-
-----------------------------------------------------------------
|
71
|
-
Processing by ApplicationController#index as HTML
|
72
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
73
|
-
------------------------------------------------------------------------------------
|
74
|
-
AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
|
75
|
-
------------------------------------------------------------------------------------
|
76
|
-
Processing by ApplicationController#index as HTML
|
77
|
-
Completed 200 OK in 0ms (Allocations: 342)
|
78
|
-
-----------------------------------------------------------------------------------------------------
|
79
|
-
AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
|
80
|
-
-----------------------------------------------------------------------------------------------------
|
81
|
-
Processing by ApplicationController#create as HTML
|
82
|
-
Can't verify CSRF token authenticity.
|
83
|
-
Completed 422 Unprocessable Entity in 0ms (Allocations: 200)
|
84
|
-
-----------------------------------------------------------
|
85
|
-
AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
|
86
|
-
-----------------------------------------------------------
|
87
|
-
Processing by ApplicationController#index as HTML
|
88
|
-
Completed 200 OK in 0ms (Allocations: 113)
|
89
|
-
-----------------------------------------------------------------------------
|
90
|
-
AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
|
91
|
-
-----------------------------------------------------------------------------
|
92
|
-
Processing by ApplicationController#create as HTML
|
93
|
-
Completed 200 OK in 0ms (Allocations: 105)
|
94
|
-
-------------------------------------------------------------
|
95
|
-
AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
|
96
|
-
-------------------------------------------------------------
|
97
|
-
Processing by ApplicationController#index as HTML
|
98
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
99
|
-
------------------------------------------------------
|
100
|
-
AngularRailsCsrfTest: test_same_site_can_be_configured
|
101
|
-
------------------------------------------------------
|
102
|
-
Processing by ApplicationController#index as HTML
|
103
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
104
|
-
-------------------------------------------------------------------------
|
105
|
-
AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
|
106
|
-
-------------------------------------------------------------------------
|
107
|
-
Processing by ApplicationController#index as HTML
|
108
|
-
Completed 200 OK in 0ms (Allocations: 91)
|
109
|
-
--------------------------------------------------------
|
110
|
-
AngularRailsCsrfTest: test_the_domain_is_used_if_present
|
111
|
-
--------------------------------------------------------
|
112
|
-
Processing by ApplicationController#index as HTML
|
113
|
-
Completed 200 OK in 0ms (Allocations: 112)
|
114
|
-
---------------------------------------------------------------
|
115
|
-
AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
|
116
|
-
---------------------------------------------------------------
|
117
|
-
Processing by ApplicationController#index as HTML
|
118
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
119
|
-
--------------------------------------------------------------------------------------------------------
|
120
|
-
AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
|
121
|
-
--------------------------------------------------------------------------------------------------------
|
122
|
-
Processing by ApplicationController#index as HTML
|
123
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
124
|
-
-----------------------------------------------------------------
|
125
|
-
AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
|
126
|
-
-----------------------------------------------------------------
|
127
|
-
Processing by ApplicationController#index as HTML
|
128
|
-
Completed 200 OK in 0ms (Allocations: 93)
|
129
|
-
-------------------------------------------------------------------------------------
|
130
|
-
AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
|
131
|
-
-------------------------------------------------------------------------------------
|
132
|
-
Processing by ApplicationController#create as HTML
|
133
|
-
Can't verify CSRF token authenticity.
|
134
|
-
Completed 422 Unprocessable Entity in 0ms (Allocations: 90)
|
135
|
-
-------------------------------------------------------------------------------------------------------------
|
136
|
-
AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
|
137
|
-
-------------------------------------------------------------------------------------------------------------
|
138
|
-
Processing by ApiController#index as HTML
|
139
|
-
Completed 200 OK in 0ms (Allocations: 100)
|
140
|
-
----------------------------------------------------------------------------
|
141
|
-
AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
|
142
|
-
----------------------------------------------------------------------------
|
143
|
-
Processing by ExclusionsController#index as HTML
|
144
|
-
Completed 200 OK in 0ms (Allocations: 87)
|
data/test/test_helper.rb
DELETED
@@ -1,18 +0,0 @@
|
|
1
|
-
# frozen_string_literal: true
|
2
|
-
|
3
|
-
# Configure Rails Environment
|
4
|
-
ENV['RAILS_ENV'] = 'test'
|
5
|
-
|
6
|
-
require 'simplecov'
|
7
|
-
SimpleCov.start do
|
8
|
-
add_filter 'test/'
|
9
|
-
add_filter '.github/'
|
10
|
-
end
|
11
|
-
|
12
|
-
if ENV['CI'] == 'true'
|
13
|
-
require 'codecov'
|
14
|
-
SimpleCov.formatter = SimpleCov::Formatter::Codecov
|
15
|
-
end
|
16
|
-
|
17
|
-
require File.expand_path('dummy/config/environment.rb', __dir__)
|
18
|
-
require 'rails/test_help'
|