angular_rails_csrf 5.0.0 → 6.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 777a87b5a6709b3c193f4205d7327790efa17a1a1d3686a8e49fc69b03e62e1b
-  data.tar.gz: b693aa26b63bc1772a8b14728414d3922e9a2c2a33be088f4f123ca06885c58a
+  metadata.gz: fd1f93c61de73220bcc0827bc1b460b0fd4440f5ec8597b01687aa2e0d50800e
+  data.tar.gz: 0a0133f2183e46d61798a0501ce8ebff0c43310210c8fdd245b8436289e10756
 SHA512:
-  metadata.gz: e0a0afe2adc0f5dd08d95c7776f219101a659e3ba4ad1ba4abc4392a5a8f6e70cb5c957174c443266665348be35d9a33936ec2b1aefa2abb6bf0cd7558933e72
-  data.tar.gz: 5bba0256727b1dd432178d5fe4405ae11d4591e2be1fee0d13ac9c4bdfe29108040b2247a3f7fa80d3f0d6c43a7e426ab47490db521b1f1ec659625ef397a18c
+  metadata.gz: fff212dd32057d2b57b26331d859354c4e969593e8e03901d8d002ac112b11694a04d47bd8432d4bd7e90ad52d1a3b14ec150e26d297f714891fab72c42a9b6a
+  data.tar.gz: d126f472156857b4b7460514de8fffe786ee697caee3835059bf8794cfbc5344e1c8c7473312fdb53bed369cf1622950f3b08f3c6acd7d70da009483d8e9e37e

data/README.md

@@ -1,8 +1,7 @@
 ## AngularJS-style CSRF Protection for Rails
 
 ![Gem](https://img.shields.io/gem/v/angular_rails_csrf)
-[![Build Status](https://travis-ci.com/jsanders/angular_rails_csrf.svg?branch=master)](https://travis-ci.com/jsanders/angular_rails_csrf)
-[![Test Coverage](https://codecov.io/gh/jsanders/angular_rails_csrf/graph/badge.svg)](https://codecov.io/gh/jsanders/angular_rails_csrf)
+![CI](https://github.com/jsanders/angular_rails_csrf/actions/workflows/ci.yml/badge.svg)
 ![Downloads total](https://img.shields.io/gem/dt/angular_rails_csrf)
 
 The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.

data/lib/angular_rails_csrf/concern.rb

@@ -9,25 +9,15 @@ module AngularRailsCsrf
     end
 
     def set_xsrf_token_cookie
-      return unless defined?(protect_against_forgery?) && protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
+      return unless forgery_protection_enabled?
 
       config = Rails.application.config
 
-      secure = option_from config, :angular_rails_csrf_secure
-      same_site = option_from config, :angular_rails_csrf_same_site, :lax
-
-      cookie_options = {
-        value: form_authenticity_token,
-        domain: option_from(config, :angular_rails_csrf_domain),
-        same_site: same_site,
-        httponly: option_from(config, :angular_rails_csrf_httponly, false),
-        secure: same_site.eql?(:none) || secure
-      }
-
       cookie_name = option_from(config,
                                 :angular_rails_csrf_cookie_name,
                                 'XSRF-TOKEN')
-      cookies[cookie_name] = cookie_options
+
+      cookies[cookie_name] = cookie_options_from(config)
     end
 
     def verified_request?
@@ -36,12 +26,31 @@ module AngularRailsCsrf
 
     private
 
+    def cookie_options_from(config)
+      secure = option_from config, :angular_rails_csrf_secure
+      same_site = option_from config, :angular_rails_csrf_same_site, :lax
+
+      {
+        value: form_authenticity_token,
+        domain: option_from(config, :angular_rails_csrf_domain),
+        same_site: same_site,
+        httponly: option_from(config, :angular_rails_csrf_httponly, false),
+        secure: same_site.eql?(:none) || secure
+      }
+    end
+
     # Fetches the given option from config
     # If the option is not set, return a default value
     def option_from(config, option, default = nil)
       config.respond_to?(option) ? config.send(option) : default
     end
 
+    def forgery_protection_enabled?
+      defined?(protect_against_forgery?) &&
+        protect_against_forgery? &&
+        !respond_to?(:__exclude_xsrf_token_cookie?)
+    end
+
     module ClassMethods
       def exclude_xsrf_token_cookie
         class_eval do

data/lib/angular_rails_csrf/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AngularRailsCsrf
-  VERSION = '5.0.0'
+  VERSION = '6.0.0'
 end

metadata

@@ -1,58 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: angular_rails_csrf
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 6.0.0
 platform: ruby
 authors:
 - James Sanders
-- Ilya Bodrov-Krukowski
+- Ilya Krukowski
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-14 00:00:00.000000000 Z
+date: 2023-11-14 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-- !ruby/object:Gem::Dependency
-  name: test-unit
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.2'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.2'
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 7.0.0.rc1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 7.0.0.rc1
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -73,62 +31,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '8'
-- !ruby/object:Gem::Dependency
-  name: codecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.2'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.2'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-- !ruby/object:Gem::Dependency
-  name: rubocop-performance
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
 description: AngularJS style CSRF protection for Rails
 email:
 - sanderjd@gmail.com
@@ -143,20 +45,6 @@ files:
 - lib/angular_rails_csrf/concern.rb
 - lib/angular_rails_csrf/railtie.rb
 - lib/angular_rails_csrf/version.rb
-- test/angular_rails_csrf_exception_test.rb
-- test/angular_rails_csrf_skip_test.rb
-- test/angular_rails_csrf_test.rb
-- test/dummy/app/assets/config/manifest.js
-- test/dummy/app/controllers/api_controller.rb
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/exclusions_controller.rb
-- test/dummy/config.ru
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/environment.rb
-- test/dummy/config/routes.rb
-- test/dummy/log/test.log
-- test/test_helper.rb
 homepage: https://github.com/jsanders/angular_rails_csrf
 licenses:
 - MIT
@@ -170,29 +58,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: '3.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.4.21
 signing_key:
 specification_version: 4
 summary: Support for AngularJS $http service style CSRF protection in Rails
-test_files:
-- test/angular_rails_csrf_exception_test.rb
-- test/angular_rails_csrf_skip_test.rb
-- test/angular_rails_csrf_test.rb
-- test/dummy/app/assets/config/manifest.js
-- test/dummy/app/controllers/api_controller.rb
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/exclusions_controller.rb
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/environment.rb
-- test/dummy/config/routes.rb
-- test/dummy/config.ru
-- test/dummy/log/test.log
-- test/test_helper.rb
+test_files: []

data/test/angular_rails_csrf_exception_test.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class AngularRailsCsrfExceptionTest < ActionController::TestCase
-  tests ExclusionsController
-
-  setup do
-    @controller.allow_forgery_protection = true
-    @correct_token = @controller.send(:form_authenticity_token)
-  end
-
-  test 'a get does not set the XSRF-TOKEN cookie' do
-    get :index
-    assert_not_equal @correct_token, cookies['XSRF-TOKEN']
-    assert_response :success
-  end
-end

data/test/angular_rails_csrf_skip_test.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class AngularRailsCsrfSkipTest < ActionController::TestCase
-  tests ApiController
-
-  test 'csrf-cookie is not set and no error if protect_against_forgery? is not defined' do
-    refute @controller.respond_to?(:protect_against_forgery?)
-    get :index
-    assert_nil cookies['XSRF-TOKEN']
-    assert_response :success
-  end
-end

data/test/angular_rails_csrf_test.rb

@@ -1,152 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class AngularRailsCsrfTest < ActionController::TestCase
-  tests ApplicationController
-
-  test 'a get sets the XSRF-TOKEN cookie but does not require the X-XSRF-TOKEN header' do
-    get :index
-    assert_valid_cookie
-    assert_response :success
-  end
-
-  test 'a post raises an error without the X-XSRF-TOKEN header set' do
-    assert_raises ActionController::InvalidAuthenticityToken do
-      post :create
-    end
-  end
-
-  test 'a post raises an error with the X-XSRF-TOKEN header set to the wrong value' do
-    header_to 'garbage'
-    assert_raises ActionController::InvalidAuthenticityToken do
-      post :create
-    end
-  end
-
-  test 'a post is accepted if X-XSRF-TOKEN is set properly' do
-    header_to @controller.send(:form_authenticity_token)
-    post :create
-    assert_valid_cookie
-    assert_response :success
-  end
-
-  test 'csrf-cookie is not set if exclusion is enabled' do
-    refute @controller.respond_to?(:__exclude_xsrf_token_cookie?)
-    @controller.class_eval { exclude_xsrf_token_cookie }
-    get :index
-    assert_valid_cookie present: false
-    assert @controller.__exclude_xsrf_token_cookie?
-    assert_response :success
-  end
-
-  test 'the domain is used if present' do
-    config = Rails.application.config
-    def config.angular_rails_csrf_domain
-      :all
-    end
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('.test.host')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
-  end
-
-  test 'the secure flag is set if configured' do
-    @request.headers['HTTPS'] = 'on'
-
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_secure) { true }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('secure')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    @request.headers['HTTPS'] = nil
-    config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
-  end
-
-  test 'a custom name is used if present' do
-    use_custom_cookie_name do
-      get :index
-      assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
-      assert_valid_cookie name: 'CUSTOM-COOKIE-NAME'
-      assert_response :success
-    end
-  end
-
-  test 'the httponly flag is set if configured' do
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_httponly) { true }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('HttpOnly')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_httponly', __FILE__, __LINE__)
-  end
-
-  test 'same_site is set to Lax by default' do
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
-    assert_valid_cookie
-    assert_response :success
-  end
-
-  test 'same_site can be configured' do
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_same_site) { :strict }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=Strict')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
-  end
-
-  test 'secure is set automatically when same_site is set to none' do
-    @request.headers['HTTPS'] = 'on'
-
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_same_site) { :none }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=None')
-    assert @response.headers['Set-Cookie'].include?('secure')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
-  end
-
-  private
-
-  # Helpers
-
-  def header_to(value)
-    @request.headers['X-XSRF-TOKEN'] = value
-  end
-
-  def assert_valid_cookie(name: 'XSRF-TOKEN', present: true)
-    cookie_valid = @controller.send(:valid_authenticity_token?, session, cookies[name])
-    cookie_valid = !cookie_valid unless present
-    assert cookie_valid
-  end
-
-  def use_custom_cookie_name
-    config = Rails.application.config
-    def config.angular_rails_csrf_cookie_name
-      'CUSTOM-COOKIE-NAME'
-    end
-    yield
-  ensure
-    eval <<-RUBY, binding, __FILE__, __LINE__ + 1
-      config.instance_eval('undef :angular_rails_csrf_cookie_name')
-    RUBY
-  end
-end

data/test/dummy/app/assets/config/manifest.js

@@ -1,4 +0,0 @@
-//= link_tree ../images
-//= link_tree ../fonts
-//= link_directory ../javascripts .js
-//= link_directory ../stylesheets .css

data/test/dummy/app/controllers/api_controller.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-class ApiController < ActionController::API
-  def index
-    head :ok
-  end
-end

data/test/dummy/app/controllers/application_controller.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-class ApplicationController < ActionController::Base
-  protect_from_forgery with: :exception
-
-  def index
-    head :ok
-  end
-
-  def create
-    head :ok
-  end
-end

data/test/dummy/app/controllers/exclusions_controller.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class ExclusionsController < ApplicationController
-  exclude_xsrf_token_cookie
-
-  def index
-    head :ok
-  end
-end

data/test/dummy/config/application.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require File.expand_path('boot', __dir__)
-
-require 'action_controller/railtie'
-
-Bundler.require(:default, Rails.env)
-require 'angular_rails_csrf'
-
-module Dummy
-  class Application < Rails::Application
-    config.secret_key_base = '5e6b6d2bd7bf26d02679ac958b520adf41b211eb0b8f33742abc5437711d0ad314baf13efc0d35d7568d2e469668a7021cf5e945c667bd16507777aedb770f83'
-    config.eager_load = false # You get yelled at if you don't set this
-    config.active_support.test_order = :random
-  end
-end

data/test/dummy/config/boot.rb

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
-
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

data/test/dummy/config/environment.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-# Load the Rails application.
-require File.expand_path('application', __dir__)
-
-# Initialize the Rails application.
-Dummy::Application.initialize!

data/test/dummy/config/routes.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-Dummy::Application.routes.draw do
-  get  'test' => 'application#index'
-  post 'test' => 'application#create'
-
-  get 'exclusions' => 'exclusions#index'
-
-  get 'index' => 'api#index'
-end

data/test/dummy/config.ru

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-# This file is used by Rack-based servers to start the application.
-
-require ::File.expand_path('config/environment', __dir__)
-run Rails.application

data/test/dummy/log/test.log

@@ -1,144 +0,0 @@
-----------------------------------------------------------------------------
-AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
-----------------------------------------------------------------------------
-Processing by ExclusionsController#index as HTML
-Completed 200 OK in 0ms (Allocations: 214)
--------------------------------------------------------------------------------------------------------------
-AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
--------------------------------------------------------------------------------------------------------------
-Processing by ApiController#index as HTML
-Completed 200 OK in 0ms (Allocations: 106)
---------------------------------------------------------
-AngularRailsCsrfTest: test_the_domain_is_used_if_present
---------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 195)
-------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_can_be_configured
-------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 94)
--------------------------------------------------------------------------
-AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
--------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 91)
--------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
--------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 182)
------------------------------------------------------------
-AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 114)
------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Completed 200 OK in 0ms (Allocations: 105)
-------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
-------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
---------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
---------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
--------------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
--------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
----------------------------------------------------------------
-AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
----------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
------------------------------------------------------------------
-AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
-------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
-------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 342)
------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 200)
------------------------------------------------------------
-AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 113)
------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Completed 200 OK in 0ms (Allocations: 105)
--------------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
--------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
-------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_can_be_configured
-------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
--------------------------------------------------------------------------
-AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
--------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 91)
---------------------------------------------------------
-AngularRailsCsrfTest: test_the_domain_is_used_if_present
---------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 112)
----------------------------------------------------------------
-AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
----------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
---------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
---------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
------------------------------------------------------------------
-AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
--------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
--------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 90)
--------------------------------------------------------------------------------------------------------------
-AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
--------------------------------------------------------------------------------------------------------------
-Processing by ApiController#index as HTML
-Completed 200 OK in 0ms (Allocations: 100)
-----------------------------------------------------------------------------
-AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
-----------------------------------------------------------------------------
-Processing by ExclusionsController#index as HTML
-Completed 200 OK in 0ms (Allocations: 87)

data/test/test_helper.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-# Configure Rails Environment
-ENV['RAILS_ENV'] = 'test'
-
-require 'simplecov'
-SimpleCov.start do
-  add_filter 'test/'
-  add_filter '.github/'
-end
-
-if ENV['CI'] == 'true'
-  require 'codecov'
-  SimpleCov.formatter = SimpleCov::Formatter::Codecov
-end
-
-require File.expand_path('dummy/config/environment.rb', __dir__)
-require 'rails/test_help'