angular_rails_csrf 5.0.0 → 6.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 777a87b5a6709b3c193f4205d7327790efa17a1a1d3686a8e49fc69b03e62e1b
4
- data.tar.gz: b693aa26b63bc1772a8b14728414d3922e9a2c2a33be088f4f123ca06885c58a
3
+ metadata.gz: fd1f93c61de73220bcc0827bc1b460b0fd4440f5ec8597b01687aa2e0d50800e
4
+ data.tar.gz: 0a0133f2183e46d61798a0501ce8ebff0c43310210c8fdd245b8436289e10756
5
5
  SHA512:
6
- metadata.gz: e0a0afe2adc0f5dd08d95c7776f219101a659e3ba4ad1ba4abc4392a5a8f6e70cb5c957174c443266665348be35d9a33936ec2b1aefa2abb6bf0cd7558933e72
7
- data.tar.gz: 5bba0256727b1dd432178d5fe4405ae11d4591e2be1fee0d13ac9c4bdfe29108040b2247a3f7fa80d3f0d6c43a7e426ab47490db521b1f1ec659625ef397a18c
6
+ metadata.gz: fff212dd32057d2b57b26331d859354c4e969593e8e03901d8d002ac112b11694a04d47bd8432d4bd7e90ad52d1a3b14ec150e26d297f714891fab72c42a9b6a
7
+ data.tar.gz: d126f472156857b4b7460514de8fffe786ee697caee3835059bf8794cfbc5344e1c8c7473312fdb53bed369cf1622950f3b08f3c6acd7d70da009483d8e9e37e
data/README.md CHANGED
@@ -1,8 +1,7 @@
1
1
  ## AngularJS-style CSRF Protection for Rails
2
2
 
3
3
  ![Gem](https://img.shields.io/gem/v/angular_rails_csrf)
4
- [![Build Status](https://travis-ci.com/jsanders/angular_rails_csrf.svg?branch=master)](https://travis-ci.com/jsanders/angular_rails_csrf)
5
- [![Test Coverage](https://codecov.io/gh/jsanders/angular_rails_csrf/graph/badge.svg)](https://codecov.io/gh/jsanders/angular_rails_csrf)
4
+ ![CI](https://github.com/jsanders/angular_rails_csrf/actions/workflows/ci.yml/badge.svg)
6
5
  ![Downloads total](https://img.shields.io/gem/dt/angular_rails_csrf)
7
6
 
8
7
  The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.
@@ -9,25 +9,15 @@ module AngularRailsCsrf
9
9
  end
10
10
 
11
11
  def set_xsrf_token_cookie
12
- return unless defined?(protect_against_forgery?) && protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
12
+ return unless forgery_protection_enabled?
13
13
 
14
14
  config = Rails.application.config
15
15
 
16
- secure = option_from config, :angular_rails_csrf_secure
17
- same_site = option_from config, :angular_rails_csrf_same_site, :lax
18
-
19
- cookie_options = {
20
- value: form_authenticity_token,
21
- domain: option_from(config, :angular_rails_csrf_domain),
22
- same_site: same_site,
23
- httponly: option_from(config, :angular_rails_csrf_httponly, false),
24
- secure: same_site.eql?(:none) || secure
25
- }
26
-
27
16
  cookie_name = option_from(config,
28
17
  :angular_rails_csrf_cookie_name,
29
18
  'XSRF-TOKEN')
30
- cookies[cookie_name] = cookie_options
19
+
20
+ cookies[cookie_name] = cookie_options_from(config)
31
21
  end
32
22
 
33
23
  def verified_request?
@@ -36,12 +26,31 @@ module AngularRailsCsrf
36
26
 
37
27
  private
38
28
 
29
+ def cookie_options_from(config)
30
+ secure = option_from config, :angular_rails_csrf_secure
31
+ same_site = option_from config, :angular_rails_csrf_same_site, :lax
32
+
33
+ {
34
+ value: form_authenticity_token,
35
+ domain: option_from(config, :angular_rails_csrf_domain),
36
+ same_site: same_site,
37
+ httponly: option_from(config, :angular_rails_csrf_httponly, false),
38
+ secure: same_site.eql?(:none) || secure
39
+ }
40
+ end
41
+
39
42
  # Fetches the given option from config
40
43
  # If the option is not set, return a default value
41
44
  def option_from(config, option, default = nil)
42
45
  config.respond_to?(option) ? config.send(option) : default
43
46
  end
44
47
 
48
+ def forgery_protection_enabled?
49
+ defined?(protect_against_forgery?) &&
50
+ protect_against_forgery? &&
51
+ !respond_to?(:__exclude_xsrf_token_cookie?)
52
+ end
53
+
45
54
  module ClassMethods
46
55
  def exclude_xsrf_token_cookie
47
56
  class_eval do
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module AngularRailsCsrf
4
- VERSION = '5.0.0'
4
+ VERSION = '6.0.0'
5
5
  end
metadata CHANGED
@@ -1,58 +1,16 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: angular_rails_csrf
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.0.0
4
+ version: 6.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - James Sanders
8
- - Ilya Bodrov-Krukowski
8
+ - Ilya Krukowski
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-12-14 00:00:00.000000000 Z
12
+ date: 2023-11-14 00:00:00.000000000 Z
13
13
  dependencies:
14
- - !ruby/object:Gem::Dependency
15
- name: rake
16
- requirement: !ruby/object:Gem::Requirement
17
- requirements:
18
- - - "~>"
19
- - !ruby/object:Gem::Version
20
- version: '13.0'
21
- type: :development
22
- prerelease: false
23
- version_requirements: !ruby/object:Gem::Requirement
24
- requirements:
25
- - - "~>"
26
- - !ruby/object:Gem::Version
27
- version: '13.0'
28
- - !ruby/object:Gem::Dependency
29
- name: test-unit
30
- requirement: !ruby/object:Gem::Requirement
31
- requirements:
32
- - - "~>"
33
- - !ruby/object:Gem::Version
34
- version: '3.2'
35
- type: :development
36
- prerelease: false
37
- version_requirements: !ruby/object:Gem::Requirement
38
- requirements:
39
- - - "~>"
40
- - !ruby/object:Gem::Version
41
- version: '3.2'
42
- - !ruby/object:Gem::Dependency
43
- name: rails
44
- requirement: !ruby/object:Gem::Requirement
45
- requirements:
46
- - - '='
47
- - !ruby/object:Gem::Version
48
- version: 7.0.0.rc1
49
- type: :development
50
- prerelease: false
51
- version_requirements: !ruby/object:Gem::Requirement
52
- requirements:
53
- - - '='
54
- - !ruby/object:Gem::Version
55
- version: 7.0.0.rc1
56
14
  - !ruby/object:Gem::Dependency
57
15
  name: railties
58
16
  requirement: !ruby/object:Gem::Requirement
@@ -73,62 +31,6 @@ dependencies:
73
31
  - - "<"
74
32
  - !ruby/object:Gem::Version
75
33
  version: '8'
76
- - !ruby/object:Gem::Dependency
77
- name: codecov
78
- requirement: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - "~>"
81
- - !ruby/object:Gem::Version
82
- version: '0.2'
83
- type: :development
84
- prerelease: false
85
- version_requirements: !ruby/object:Gem::Requirement
86
- requirements:
87
- - - "~>"
88
- - !ruby/object:Gem::Version
89
- version: '0.2'
90
- - !ruby/object:Gem::Dependency
91
- name: rubocop
92
- requirement: !ruby/object:Gem::Requirement
93
- requirements:
94
- - - "~>"
95
- - !ruby/object:Gem::Version
96
- version: '1.0'
97
- type: :development
98
- prerelease: false
99
- version_requirements: !ruby/object:Gem::Requirement
100
- requirements:
101
- - - "~>"
102
- - !ruby/object:Gem::Version
103
- version: '1.0'
104
- - !ruby/object:Gem::Dependency
105
- name: rubocop-performance
106
- requirement: !ruby/object:Gem::Requirement
107
- requirements:
108
- - - "~>"
109
- - !ruby/object:Gem::Version
110
- version: '1.5'
111
- type: :development
112
- prerelease: false
113
- version_requirements: !ruby/object:Gem::Requirement
114
- requirements:
115
- - - "~>"
116
- - !ruby/object:Gem::Version
117
- version: '1.5'
118
- - !ruby/object:Gem::Dependency
119
- name: simplecov
120
- requirement: !ruby/object:Gem::Requirement
121
- requirements:
122
- - - "~>"
123
- - !ruby/object:Gem::Version
124
- version: '0.16'
125
- type: :development
126
- prerelease: false
127
- version_requirements: !ruby/object:Gem::Requirement
128
- requirements:
129
- - - "~>"
130
- - !ruby/object:Gem::Version
131
- version: '0.16'
132
34
  description: AngularJS style CSRF protection for Rails
133
35
  email:
134
36
  - sanderjd@gmail.com
@@ -143,20 +45,6 @@ files:
143
45
  - lib/angular_rails_csrf/concern.rb
144
46
  - lib/angular_rails_csrf/railtie.rb
145
47
  - lib/angular_rails_csrf/version.rb
146
- - test/angular_rails_csrf_exception_test.rb
147
- - test/angular_rails_csrf_skip_test.rb
148
- - test/angular_rails_csrf_test.rb
149
- - test/dummy/app/assets/config/manifest.js
150
- - test/dummy/app/controllers/api_controller.rb
151
- - test/dummy/app/controllers/application_controller.rb
152
- - test/dummy/app/controllers/exclusions_controller.rb
153
- - test/dummy/config.ru
154
- - test/dummy/config/application.rb
155
- - test/dummy/config/boot.rb
156
- - test/dummy/config/environment.rb
157
- - test/dummy/config/routes.rb
158
- - test/dummy/log/test.log
159
- - test/test_helper.rb
160
48
  homepage: https://github.com/jsanders/angular_rails_csrf
161
49
  licenses:
162
50
  - MIT
@@ -170,29 +58,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
170
58
  requirements:
171
59
  - - ">="
172
60
  - !ruby/object:Gem::Version
173
- version: 2.6.0
61
+ version: '3.0'
174
62
  required_rubygems_version: !ruby/object:Gem::Requirement
175
63
  requirements:
176
64
  - - ">="
177
65
  - !ruby/object:Gem::Version
178
66
  version: '0'
179
67
  requirements: []
180
- rubygems_version: 3.2.33
68
+ rubygems_version: 3.4.21
181
69
  signing_key:
182
70
  specification_version: 4
183
71
  summary: Support for AngularJS $http service style CSRF protection in Rails
184
- test_files:
185
- - test/angular_rails_csrf_exception_test.rb
186
- - test/angular_rails_csrf_skip_test.rb
187
- - test/angular_rails_csrf_test.rb
188
- - test/dummy/app/assets/config/manifest.js
189
- - test/dummy/app/controllers/api_controller.rb
190
- - test/dummy/app/controllers/application_controller.rb
191
- - test/dummy/app/controllers/exclusions_controller.rb
192
- - test/dummy/config/application.rb
193
- - test/dummy/config/boot.rb
194
- - test/dummy/config/environment.rb
195
- - test/dummy/config/routes.rb
196
- - test/dummy/config.ru
197
- - test/dummy/log/test.log
198
- - test/test_helper.rb
72
+ test_files: []
@@ -1,18 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'test_helper'
4
-
5
- class AngularRailsCsrfExceptionTest < ActionController::TestCase
6
- tests ExclusionsController
7
-
8
- setup do
9
- @controller.allow_forgery_protection = true
10
- @correct_token = @controller.send(:form_authenticity_token)
11
- end
12
-
13
- test 'a get does not set the XSRF-TOKEN cookie' do
14
- get :index
15
- assert_not_equal @correct_token, cookies['XSRF-TOKEN']
16
- assert_response :success
17
- end
18
- end
@@ -1,14 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'test_helper'
4
-
5
- class AngularRailsCsrfSkipTest < ActionController::TestCase
6
- tests ApiController
7
-
8
- test 'csrf-cookie is not set and no error if protect_against_forgery? is not defined' do
9
- refute @controller.respond_to?(:protect_against_forgery?)
10
- get :index
11
- assert_nil cookies['XSRF-TOKEN']
12
- assert_response :success
13
- end
14
- end
@@ -1,152 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require 'test_helper'
4
-
5
- class AngularRailsCsrfTest < ActionController::TestCase
6
- tests ApplicationController
7
-
8
- test 'a get sets the XSRF-TOKEN cookie but does not require the X-XSRF-TOKEN header' do
9
- get :index
10
- assert_valid_cookie
11
- assert_response :success
12
- end
13
-
14
- test 'a post raises an error without the X-XSRF-TOKEN header set' do
15
- assert_raises ActionController::InvalidAuthenticityToken do
16
- post :create
17
- end
18
- end
19
-
20
- test 'a post raises an error with the X-XSRF-TOKEN header set to the wrong value' do
21
- header_to 'garbage'
22
- assert_raises ActionController::InvalidAuthenticityToken do
23
- post :create
24
- end
25
- end
26
-
27
- test 'a post is accepted if X-XSRF-TOKEN is set properly' do
28
- header_to @controller.send(:form_authenticity_token)
29
- post :create
30
- assert_valid_cookie
31
- assert_response :success
32
- end
33
-
34
- test 'csrf-cookie is not set if exclusion is enabled' do
35
- refute @controller.respond_to?(:__exclude_xsrf_token_cookie?)
36
- @controller.class_eval { exclude_xsrf_token_cookie }
37
- get :index
38
- assert_valid_cookie present: false
39
- assert @controller.__exclude_xsrf_token_cookie?
40
- assert_response :success
41
- end
42
-
43
- test 'the domain is used if present' do
44
- config = Rails.application.config
45
- def config.angular_rails_csrf_domain
46
- :all
47
- end
48
-
49
- get :index
50
- assert @response.headers['Set-Cookie'].include?('.test.host')
51
- assert_valid_cookie
52
- assert_response :success
53
- ensure
54
- config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
55
- end
56
-
57
- test 'the secure flag is set if configured' do
58
- @request.headers['HTTPS'] = 'on'
59
-
60
- config = Rails.application.config
61
- config.define_singleton_method(:angular_rails_csrf_secure) { true }
62
-
63
- get :index
64
- assert @response.headers['Set-Cookie'].include?('secure')
65
- assert_valid_cookie
66
- assert_response :success
67
- ensure
68
- @request.headers['HTTPS'] = nil
69
- config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
70
- end
71
-
72
- test 'a custom name is used if present' do
73
- use_custom_cookie_name do
74
- get :index
75
- assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
76
- assert_valid_cookie name: 'CUSTOM-COOKIE-NAME'
77
- assert_response :success
78
- end
79
- end
80
-
81
- test 'the httponly flag is set if configured' do
82
- config = Rails.application.config
83
- config.define_singleton_method(:angular_rails_csrf_httponly) { true }
84
-
85
- get :index
86
- assert @response.headers['Set-Cookie'].include?('HttpOnly')
87
- assert_valid_cookie
88
- assert_response :success
89
- ensure
90
- config.instance_eval('undef :angular_rails_csrf_httponly', __FILE__, __LINE__)
91
- end
92
-
93
- test 'same_site is set to Lax by default' do
94
- get :index
95
- assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
96
- assert_valid_cookie
97
- assert_response :success
98
- end
99
-
100
- test 'same_site can be configured' do
101
- config = Rails.application.config
102
- config.define_singleton_method(:angular_rails_csrf_same_site) { :strict }
103
-
104
- get :index
105
- assert @response.headers['Set-Cookie'].include?('SameSite=Strict')
106
- assert_valid_cookie
107
- assert_response :success
108
- ensure
109
- config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
110
- end
111
-
112
- test 'secure is set automatically when same_site is set to none' do
113
- @request.headers['HTTPS'] = 'on'
114
-
115
- config = Rails.application.config
116
- config.define_singleton_method(:angular_rails_csrf_same_site) { :none }
117
-
118
- get :index
119
- assert @response.headers['Set-Cookie'].include?('SameSite=None')
120
- assert @response.headers['Set-Cookie'].include?('secure')
121
- assert_valid_cookie
122
- assert_response :success
123
- ensure
124
- config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
125
- end
126
-
127
- private
128
-
129
- # Helpers
130
-
131
- def header_to(value)
132
- @request.headers['X-XSRF-TOKEN'] = value
133
- end
134
-
135
- def assert_valid_cookie(name: 'XSRF-TOKEN', present: true)
136
- cookie_valid = @controller.send(:valid_authenticity_token?, session, cookies[name])
137
- cookie_valid = !cookie_valid unless present
138
- assert cookie_valid
139
- end
140
-
141
- def use_custom_cookie_name
142
- config = Rails.application.config
143
- def config.angular_rails_csrf_cookie_name
144
- 'CUSTOM-COOKIE-NAME'
145
- end
146
- yield
147
- ensure
148
- eval <<-RUBY, binding, __FILE__, __LINE__ + 1
149
- config.instance_eval('undef :angular_rails_csrf_cookie_name')
150
- RUBY
151
- end
152
- end
@@ -1,4 +0,0 @@
1
- //= link_tree ../images
2
- //= link_tree ../fonts
3
- //= link_directory ../javascripts .js
4
- //= link_directory ../stylesheets .css
@@ -1,7 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class ApiController < ActionController::API
4
- def index
5
- head :ok
6
- end
7
- end
@@ -1,13 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class ApplicationController < ActionController::Base
4
- protect_from_forgery with: :exception
5
-
6
- def index
7
- head :ok
8
- end
9
-
10
- def create
11
- head :ok
12
- end
13
- end
@@ -1,9 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- class ExclusionsController < ApplicationController
4
- exclude_xsrf_token_cookie
5
-
6
- def index
7
- head :ok
8
- end
9
- end
@@ -1,16 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- require File.expand_path('boot', __dir__)
4
-
5
- require 'action_controller/railtie'
6
-
7
- Bundler.require(:default, Rails.env)
8
- require 'angular_rails_csrf'
9
-
10
- module Dummy
11
- class Application < Rails::Application
12
- config.secret_key_base = '5e6b6d2bd7bf26d02679ac958b520adf41b211eb0b8f33742abc5437711d0ad314baf13efc0d35d7568d2e469668a7021cf5e945c667bd16507777aedb770f83'
13
- config.eager_load = false # You get yelled at if you don't set this
14
- config.active_support.test_order = :random
15
- end
16
- end
@@ -1,6 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- # Set up gems listed in the Gemfile.
4
- ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
5
-
6
- require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
@@ -1,7 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- # Load the Rails application.
4
- require File.expand_path('application', __dir__)
5
-
6
- # Initialize the Rails application.
7
- Dummy::Application.initialize!
@@ -1,10 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- Dummy::Application.routes.draw do
4
- get 'test' => 'application#index'
5
- post 'test' => 'application#create'
6
-
7
- get 'exclusions' => 'exclusions#index'
8
-
9
- get 'index' => 'api#index'
10
- end
data/test/dummy/config.ru DELETED
@@ -1,6 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- # This file is used by Rack-based servers to start the application.
4
-
5
- require ::File.expand_path('config/environment', __dir__)
6
- run Rails.application
@@ -1,144 +0,0 @@
1
- ----------------------------------------------------------------------------
2
- AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
3
- ----------------------------------------------------------------------------
4
- Processing by ExclusionsController#index as HTML
5
- Completed 200 OK in 0ms (Allocations: 214)
6
- -------------------------------------------------------------------------------------------------------------
7
- AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
8
- -------------------------------------------------------------------------------------------------------------
9
- Processing by ApiController#index as HTML
10
- Completed 200 OK in 0ms (Allocations: 106)
11
- --------------------------------------------------------
12
- AngularRailsCsrfTest: test_the_domain_is_used_if_present
13
- --------------------------------------------------------
14
- Processing by ApplicationController#index as HTML
15
- Completed 200 OK in 0ms (Allocations: 195)
16
- ------------------------------------------------------
17
- AngularRailsCsrfTest: test_same_site_can_be_configured
18
- ------------------------------------------------------
19
- Processing by ApplicationController#index as HTML
20
- Completed 200 OK in 0ms (Allocations: 94)
21
- -------------------------------------------------------------------------
22
- AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
23
- -------------------------------------------------------------------------
24
- Processing by ApplicationController#index as HTML
25
- Completed 200 OK in 0ms (Allocations: 91)
26
- -------------------------------------------------------------------------------------
27
- AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
28
- -------------------------------------------------------------------------------------
29
- Processing by ApplicationController#create as HTML
30
- Can't verify CSRF token authenticity.
31
- Completed 422 Unprocessable Entity in 0ms (Allocations: 182)
32
- -----------------------------------------------------------
33
- AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
34
- -----------------------------------------------------------
35
- Processing by ApplicationController#index as HTML
36
- Completed 200 OK in 0ms (Allocations: 114)
37
- -----------------------------------------------------------------------------
38
- AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
39
- -----------------------------------------------------------------------------
40
- Processing by ApplicationController#create as HTML
41
- Completed 200 OK in 0ms (Allocations: 105)
42
- ------------------------------------------------------------------------------------
43
- AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
44
- ------------------------------------------------------------------------------------
45
- Processing by ApplicationController#index as HTML
46
- Completed 200 OK in 0ms (Allocations: 93)
47
- --------------------------------------------------------------------------------------------------------
48
- AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
49
- --------------------------------------------------------------------------------------------------------
50
- Processing by ApplicationController#index as HTML
51
- Completed 200 OK in 0ms (Allocations: 93)
52
- -------------------------------------------------------------
53
- AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
54
- -------------------------------------------------------------
55
- Processing by ApplicationController#index as HTML
56
- Completed 200 OK in 0ms (Allocations: 93)
57
- ---------------------------------------------------------------
58
- AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
59
- ---------------------------------------------------------------
60
- Processing by ApplicationController#index as HTML
61
- Completed 200 OK in 0ms (Allocations: 93)
62
- -----------------------------------------------------------------------------------------------------
63
- AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
64
- -----------------------------------------------------------------------------------------------------
65
- Processing by ApplicationController#create as HTML
66
- Can't verify CSRF token authenticity.
67
- Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
68
- -----------------------------------------------------------------
69
- AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
70
- -----------------------------------------------------------------
71
- Processing by ApplicationController#index as HTML
72
- Completed 200 OK in 0ms (Allocations: 93)
73
- ------------------------------------------------------------------------------------
74
- AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
75
- ------------------------------------------------------------------------------------
76
- Processing by ApplicationController#index as HTML
77
- Completed 200 OK in 0ms (Allocations: 342)
78
- -----------------------------------------------------------------------------------------------------
79
- AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
80
- -----------------------------------------------------------------------------------------------------
81
- Processing by ApplicationController#create as HTML
82
- Can't verify CSRF token authenticity.
83
- Completed 422 Unprocessable Entity in 0ms (Allocations: 200)
84
- -----------------------------------------------------------
85
- AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
86
- -----------------------------------------------------------
87
- Processing by ApplicationController#index as HTML
88
- Completed 200 OK in 0ms (Allocations: 113)
89
- -----------------------------------------------------------------------------
90
- AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
91
- -----------------------------------------------------------------------------
92
- Processing by ApplicationController#create as HTML
93
- Completed 200 OK in 0ms (Allocations: 105)
94
- -------------------------------------------------------------
95
- AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
96
- -------------------------------------------------------------
97
- Processing by ApplicationController#index as HTML
98
- Completed 200 OK in 0ms (Allocations: 93)
99
- ------------------------------------------------------
100
- AngularRailsCsrfTest: test_same_site_can_be_configured
101
- ------------------------------------------------------
102
- Processing by ApplicationController#index as HTML
103
- Completed 200 OK in 0ms (Allocations: 93)
104
- -------------------------------------------------------------------------
105
- AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
106
- -------------------------------------------------------------------------
107
- Processing by ApplicationController#index as HTML
108
- Completed 200 OK in 0ms (Allocations: 91)
109
- --------------------------------------------------------
110
- AngularRailsCsrfTest: test_the_domain_is_used_if_present
111
- --------------------------------------------------------
112
- Processing by ApplicationController#index as HTML
113
- Completed 200 OK in 0ms (Allocations: 112)
114
- ---------------------------------------------------------------
115
- AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
116
- ---------------------------------------------------------------
117
- Processing by ApplicationController#index as HTML
118
- Completed 200 OK in 0ms (Allocations: 93)
119
- --------------------------------------------------------------------------------------------------------
120
- AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
121
- --------------------------------------------------------------------------------------------------------
122
- Processing by ApplicationController#index as HTML
123
- Completed 200 OK in 0ms (Allocations: 93)
124
- -----------------------------------------------------------------
125
- AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
126
- -----------------------------------------------------------------
127
- Processing by ApplicationController#index as HTML
128
- Completed 200 OK in 0ms (Allocations: 93)
129
- -------------------------------------------------------------------------------------
130
- AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
131
- -------------------------------------------------------------------------------------
132
- Processing by ApplicationController#create as HTML
133
- Can't verify CSRF token authenticity.
134
- Completed 422 Unprocessable Entity in 0ms (Allocations: 90)
135
- -------------------------------------------------------------------------------------------------------------
136
- AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
137
- -------------------------------------------------------------------------------------------------------------
138
- Processing by ApiController#index as HTML
139
- Completed 200 OK in 0ms (Allocations: 100)
140
- ----------------------------------------------------------------------------
141
- AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
142
- ----------------------------------------------------------------------------
143
- Processing by ExclusionsController#index as HTML
144
- Completed 200 OK in 0ms (Allocations: 87)
data/test/test_helper.rb DELETED
@@ -1,18 +0,0 @@
1
- # frozen_string_literal: true
2
-
3
- # Configure Rails Environment
4
- ENV['RAILS_ENV'] = 'test'
5
-
6
- require 'simplecov'
7
- SimpleCov.start do
8
- add_filter 'test/'
9
- add_filter '.github/'
10
- end
11
-
12
- if ENV['CI'] == 'true'
13
- require 'codecov'
14
- SimpleCov.formatter = SimpleCov::Formatter::Codecov
15
- end
16
-
17
- require File.expand_path('dummy/config/environment.rb', __dir__)
18
- require 'rails/test_help'