angular_rails_csrf 5.0.0 → 7.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 777a87b5a6709b3c193f4205d7327790efa17a1a1d3686a8e49fc69b03e62e1b
-  data.tar.gz: b693aa26b63bc1772a8b14728414d3922e9a2c2a33be088f4f123ca06885c58a
+  metadata.gz: 1d0b9c0281d924d679f0a9b8b71f5d1b4842a4bc9b78ede13f848c3e91479668
+  data.tar.gz: 4efbd91eb24c813ceb2553e2834e5db627cdc4b23c4dedac37ec89e7f5465d80
 SHA512:
-  metadata.gz: e0a0afe2adc0f5dd08d95c7776f219101a659e3ba4ad1ba4abc4392a5a8f6e70cb5c957174c443266665348be35d9a33936ec2b1aefa2abb6bf0cd7558933e72
-  data.tar.gz: 5bba0256727b1dd432178d5fe4405ae11d4591e2be1fee0d13ac9c4bdfe29108040b2247a3f7fa80d3f0d6c43a7e426ab47490db521b1f1ec659625ef397a18c
+  metadata.gz: 9cbc548f3e81540ba29b5ca46fa331899337eabd34422e70777e96cbc5ee2443aa962b63bed1ae779f62667389bc761c8bbe1ae2adc2e998426c94290074588b
+  data.tar.gz: '08e800161939ca9a70f9007ba818d4f9d094dea85241329d99d4310e099034e4eaf95254dc08606c4d26be2b98d231d74ef9e80e970a382df0a6cc73945ad5fb'

data/CHANGELOG.md

@@ -0,0 +1,119 @@
+# Changelog
+
+## 7.0.0 (12-Nov-24)
+
+* **Breaking change**: require Ruby 3.2+. If you need support for older Rubies, stay on version 6
+* Set Railties dependency to `< 9`
+* Test with Rails 8
+* Do not test with Ruby 3.0 and 3.1
+
+## 6.0.0 (14-Nov-23)
+
+* **Breaking change**: drop support for Ruby < 3. If you need to support older Rubies, stay on v5. If you'd like to support *even older stuff*, v4.5.0 is your choice as it plays nicely with Rails 5.1 and Ruby 2.5.
+* Test only with Rails 7
+* Fix some failing tests, minor tweaks
+
+## 5.0.0 (14-Dec-21)
+
+* Add support for Rails 7.
+* Test against Rails 6.1 and Rails 7.0.
+* Test against Ruby 3.0.
+* Rails 5.1 is not supported officially anymore (but should still work fine).
+* Ruby < 2.7 is not supported anymore (has reached end of life) but should still work.
+
+## 4.5.0 (21-Sep-20)
+
+* Added a new [`HttpOnly` option](https://github.com/jsanders/angular_rails_csrf#httponly-cookie) (thanks, [@Lubo-mir](https://github.com/Lubo-mir))
+* Introduced some code refactorings
+
+## 4.4.0 (04-Aug-20)
+
+* Make the gem play nicely with controllers that do not have `protect_against_forgery?` method defined — for example, certain Doorkeeper controllers (thanks, [@amenz](https://github.com/amenz))
+* Updated dependencies and cops
+
+## 4.3.0 (18-May-20)
+
+* Ruby version 2.4 is no longer officially supported (though it still should work) - this is also due to the fact that [v2.4 is abanoded by Ruby core team as well](https://www.ruby-lang.org/en/news/2020/04/05/support-of-ruby-2-4-has-ended/). Required Ruby version is now 2.5+ according to [version compatibility](https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility).
+* Dropped backwards compatibility with older versions of Rails (v4 and below). [If you require Rails 4 support, use angular_rails_csrf v3]((https://github.com/jsanders/angular_rails_csrf/wiki/Version-Compatibility)).
+* Increased test coverage up to 100%.
+
+## 4.2.0 (31-Mar-20)
+
+* Added a new [`angular_rails_csrf_same_site` option](https://github.com/jsanders/angular_rails_csrf#samesite) which defaults to `:lax` (thanks, [@timobleeker](https://github.com/timobleeker))
+  + This option is introduced to comply with the latest changes: https://www.chromium.org/updates/same-site
+* Update cops
+
+## 4.1.0 (03-Feb-20)
+
+* Added a new [`angular_rails_csrf_secure` option](https://github.com/jsanders/angular_rails_csrf#secure-cookie) (thanks, [@DougKeller](https://github.com/DougKeller))
+* Tested against Ruby 2.7
+
+## 4.0.1 (23-Dec-19)
+
+* Updated dependencies, tested against more recent Rubies and Rails
+* Updated Gemfile for Bundler 2
+* Added Rubocop and SimpleCov
+
+## 4.0.0 (20-Aug-19)
+
+Updated:
+* Added support for Rails 6.0
+* Drop support for Rails 4
+
+## 3.2.0
+
+New feature:
+* Allow cookie's name to be customized (thanks, [@timobleeker](https://github.com/timobleeker))
+
+## 3.1.0
+
+Updated:
+* Added support for Rails 5.2.0
+
+Testing:
+* Tested against more recent Ruby/Rails versions
+
+## 3.0.0
+
+New feature:
+* Allow cookie domain to be set via `Rails.application.config` (thanks, [@gingermusketeer](https://github.com/gingermusketeer))
+
+Updated:
+* Dropped support for Rails < 4
+* Dropped official support for Ruby 2.2 though it should still work
+
+Testing:
+* Test against more recent versions of Ruby and Rails
+
+## 2.1.1
+
+Updated:
+* Added support for Rails 5.1.1
+
+Testing:
+* Test against more recent versions of Ruby
+* Test against Rails 5.1.1
+
+## 2.1.0
+
+Updated:
+* Added support for Rails 5.1
+
+Testing improvements:
+* Tested against Rails 5.1
+* Tested against Ruby 2.4.0
+* We are no longer testing against Rails < 4.2
+
+## 2.0.0
+
+**Breaking changes:**
+* Revert to `after_action` again (fixes [issues with Devise](https://github.com/jsanders/angular_rails_csrf/issues/17) and similar solutions)
+* Introduced a new `exclude_xsrf_token_cookie` class method to exclude setting CSRF token for certain controllers. This is done to take care of [problems with streaming](https://github.com/jsanders/angular_rails_csrf/issues/7).
+
+Updated:
+* Added support for Rails 5
+* `rails` dependency changed to `railties`
+
+Testing improvements:
+* Tested against Rails 5
+* Tested against Ruby 2.2.5 and 2.3.0

data/LICENSE.md

@@ -0,0 +1,20 @@
+Copyright 2024 James Sanders, Ilya Krukowski
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -1,8 +1,7 @@
 ## AngularJS-style CSRF Protection for Rails
 
 ![Gem](https://img.shields.io/gem/v/angular_rails_csrf)
-[![Build Status](https://travis-ci.com/jsanders/angular_rails_csrf.svg?branch=master)](https://travis-ci.com/jsanders/angular_rails_csrf)
-[![Test Coverage](https://codecov.io/gh/jsanders/angular_rails_csrf/graph/badge.svg)](https://codecov.io/gh/jsanders/angular_rails_csrf)
+![CI](https://github.com/jsanders/angular_rails_csrf/actions/workflows/ci.yml/badge.svg)
 ![Downloads total](https://img.shields.io/gem/dt/angular_rails_csrf)
 
 The AngularJS [ng.$http](http://docs.angularjs.org/api/ng.$http) service has built-in CSRF protection. By default, it looks for a cookie named `XSRF-TOKEN` and, if found, writes its value into an `X-XSRF-TOKEN` header, which the server compares with the CSRF token saved in the user's session.

data/lib/angular_rails_csrf/concern.rb

@@ -9,25 +9,15 @@ module AngularRailsCsrf
     end
 
     def set_xsrf_token_cookie
-      return unless defined?(protect_against_forgery?) && protect_against_forgery? && !respond_to?(:__exclude_xsrf_token_cookie?)
+      return unless forgery_protection_enabled?
 
       config = Rails.application.config
 
-      secure = option_from config, :angular_rails_csrf_secure
-      same_site = option_from config, :angular_rails_csrf_same_site, :lax
-
-      cookie_options = {
-        value: form_authenticity_token,
-        domain: option_from(config, :angular_rails_csrf_domain),
-        same_site: same_site,
-        httponly: option_from(config, :angular_rails_csrf_httponly, false),
-        secure: same_site.eql?(:none) || secure
-      }
-
       cookie_name = option_from(config,
                                 :angular_rails_csrf_cookie_name,
                                 'XSRF-TOKEN')
-      cookies[cookie_name] = cookie_options
+
+      cookies[cookie_name] = cookie_options_from(config)
     end
 
     def verified_request?
@@ -36,12 +26,33 @@ module AngularRailsCsrf
 
     private
 
+    def cookie_options_from(config)
+      secure = option_from config, :angular_rails_csrf_secure
+      same_site = option_from config, :angular_rails_csrf_same_site, :lax
+
+      {
+        value: form_authenticity_token,
+        domain: option_from(config, :angular_rails_csrf_domain),
+        same_site: same_site,
+        httponly: option_from(config, :angular_rails_csrf_httponly, false),
+        secure: same_site.eql?(:none) || secure
+      }
+    end
+
     # Fetches the given option from config
     # If the option is not set, return a default value
     def option_from(config, option, default = nil)
+      return default if config.nil?
+
       config.respond_to?(option) ? config.send(option) : default
     end
 
+    def forgery_protection_enabled?
+      defined?(protect_against_forgery?) &&
+        protect_against_forgery? &&
+        !respond_to?(:__exclude_xsrf_token_cookie?)
+    end
+
     module ClassMethods
       def exclude_xsrf_token_cookie
         class_eval do

data/lib/angular_rails_csrf/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AngularRailsCsrf
-  VERSION = '5.0.0'
+  VERSION = '7.0.0'
 end

metadata

@@ -1,58 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: angular_rails_csrf
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 7.0.0
 platform: ruby
 authors:
 - James Sanders
-- Ilya Bodrov-Krukowski
+- Ilya Krukowski
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-14 00:00:00.000000000 Z
+date: 2024-11-12 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '13.0'
-- !ruby/object:Gem::Dependency
-  name: test-unit
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.2'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.2'
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 7.0.0.rc1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 7.0.0.rc1
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -62,7 +20,7 @@ dependencies:
         version: '3'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8'
+        version: '9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -72,63 +30,7 @@ dependencies:
         version: '3'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8'
-- !ruby/object:Gem::Dependency
-  name: codecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.2'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.2'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.0'
-- !ruby/object:Gem::Dependency
-  name: rubocop-performance
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '1.5'
-- !ruby/object:Gem::Dependency
-  name: simplecov
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.16'
+        version: '9'
 description: AngularJS style CSRF protection for Rails
 email:
 - sanderjd@gmail.com
@@ -137,26 +39,14 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- CHANGELOG.md
+- LICENSE.md
 - README.md
 - Rakefile
 - lib/angular_rails_csrf.rb
 - lib/angular_rails_csrf/concern.rb
 - lib/angular_rails_csrf/railtie.rb
 - lib/angular_rails_csrf/version.rb
-- test/angular_rails_csrf_exception_test.rb
-- test/angular_rails_csrf_skip_test.rb
-- test/angular_rails_csrf_test.rb
-- test/dummy/app/assets/config/manifest.js
-- test/dummy/app/controllers/api_controller.rb
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/exclusions_controller.rb
-- test/dummy/config.ru
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/environment.rb
-- test/dummy/config/routes.rb
-- test/dummy/log/test.log
-- test/test_helper.rb
 homepage: https://github.com/jsanders/angular_rails_csrf
 licenses:
 - MIT
@@ -170,29 +60,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.6.0
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
+rubygems_version: 3.5.23
 signing_key:
 specification_version: 4
 summary: Support for AngularJS $http service style CSRF protection in Rails
-test_files:
-- test/angular_rails_csrf_exception_test.rb
-- test/angular_rails_csrf_skip_test.rb
-- test/angular_rails_csrf_test.rb
-- test/dummy/app/assets/config/manifest.js
-- test/dummy/app/controllers/api_controller.rb
-- test/dummy/app/controllers/application_controller.rb
-- test/dummy/app/controllers/exclusions_controller.rb
-- test/dummy/config/application.rb
-- test/dummy/config/boot.rb
-- test/dummy/config/environment.rb
-- test/dummy/config/routes.rb
-- test/dummy/config.ru
-- test/dummy/log/test.log
-- test/test_helper.rb
+test_files: []

data/test/angular_rails_csrf_exception_test.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class AngularRailsCsrfExceptionTest < ActionController::TestCase
-  tests ExclusionsController
-
-  setup do
-    @controller.allow_forgery_protection = true
-    @correct_token = @controller.send(:form_authenticity_token)
-  end
-
-  test 'a get does not set the XSRF-TOKEN cookie' do
-    get :index
-    assert_not_equal @correct_token, cookies['XSRF-TOKEN']
-    assert_response :success
-  end
-end

data/test/angular_rails_csrf_skip_test.rb

@@ -1,14 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class AngularRailsCsrfSkipTest < ActionController::TestCase
-  tests ApiController
-
-  test 'csrf-cookie is not set and no error if protect_against_forgery? is not defined' do
-    refute @controller.respond_to?(:protect_against_forgery?)
-    get :index
-    assert_nil cookies['XSRF-TOKEN']
-    assert_response :success
-  end
-end

data/test/angular_rails_csrf_test.rb

@@ -1,152 +0,0 @@
-# frozen_string_literal: true
-
-require 'test_helper'
-
-class AngularRailsCsrfTest < ActionController::TestCase
-  tests ApplicationController
-
-  test 'a get sets the XSRF-TOKEN cookie but does not require the X-XSRF-TOKEN header' do
-    get :index
-    assert_valid_cookie
-    assert_response :success
-  end
-
-  test 'a post raises an error without the X-XSRF-TOKEN header set' do
-    assert_raises ActionController::InvalidAuthenticityToken do
-      post :create
-    end
-  end
-
-  test 'a post raises an error with the X-XSRF-TOKEN header set to the wrong value' do
-    header_to 'garbage'
-    assert_raises ActionController::InvalidAuthenticityToken do
-      post :create
-    end
-  end
-
-  test 'a post is accepted if X-XSRF-TOKEN is set properly' do
-    header_to @controller.send(:form_authenticity_token)
-    post :create
-    assert_valid_cookie
-    assert_response :success
-  end
-
-  test 'csrf-cookie is not set if exclusion is enabled' do
-    refute @controller.respond_to?(:__exclude_xsrf_token_cookie?)
-    @controller.class_eval { exclude_xsrf_token_cookie }
-    get :index
-    assert_valid_cookie present: false
-    assert @controller.__exclude_xsrf_token_cookie?
-    assert_response :success
-  end
-
-  test 'the domain is used if present' do
-    config = Rails.application.config
-    def config.angular_rails_csrf_domain
-      :all
-    end
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('.test.host')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_domain', __FILE__, __LINE__)
-  end
-
-  test 'the secure flag is set if configured' do
-    @request.headers['HTTPS'] = 'on'
-
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_secure) { true }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('secure')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    @request.headers['HTTPS'] = nil
-    config.instance_eval('undef :angular_rails_csrf_secure', __FILE__, __LINE__)
-  end
-
-  test 'a custom name is used if present' do
-    use_custom_cookie_name do
-      get :index
-      assert @response.headers['Set-Cookie'].include?('CUSTOM-COOKIE-NAME')
-      assert_valid_cookie name: 'CUSTOM-COOKIE-NAME'
-      assert_response :success
-    end
-  end
-
-  test 'the httponly flag is set if configured' do
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_httponly) { true }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('HttpOnly')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_httponly', __FILE__, __LINE__)
-  end
-
-  test 'same_site is set to Lax by default' do
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=Lax')
-    assert_valid_cookie
-    assert_response :success
-  end
-
-  test 'same_site can be configured' do
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_same_site) { :strict }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=Strict')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
-  end
-
-  test 'secure is set automatically when same_site is set to none' do
-    @request.headers['HTTPS'] = 'on'
-
-    config = Rails.application.config
-    config.define_singleton_method(:angular_rails_csrf_same_site) { :none }
-
-    get :index
-    assert @response.headers['Set-Cookie'].include?('SameSite=None')
-    assert @response.headers['Set-Cookie'].include?('secure')
-    assert_valid_cookie
-    assert_response :success
-  ensure
-    config.instance_eval('undef :angular_rails_csrf_same_site', __FILE__, __LINE__)
-  end
-
-  private
-
-  # Helpers
-
-  def header_to(value)
-    @request.headers['X-XSRF-TOKEN'] = value
-  end
-
-  def assert_valid_cookie(name: 'XSRF-TOKEN', present: true)
-    cookie_valid = @controller.send(:valid_authenticity_token?, session, cookies[name])
-    cookie_valid = !cookie_valid unless present
-    assert cookie_valid
-  end
-
-  def use_custom_cookie_name
-    config = Rails.application.config
-    def config.angular_rails_csrf_cookie_name
-      'CUSTOM-COOKIE-NAME'
-    end
-    yield
-  ensure
-    eval <<-RUBY, binding, __FILE__, __LINE__ + 1
-      config.instance_eval('undef :angular_rails_csrf_cookie_name')
-    RUBY
-  end
-end

data/test/dummy/app/assets/config/manifest.js

@@ -1,4 +0,0 @@
-//= link_tree ../images
-//= link_tree ../fonts
-//= link_directory ../javascripts .js
-//= link_directory ../stylesheets .css

data/test/dummy/app/controllers/api_controller.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-class ApiController < ActionController::API
-  def index
-    head :ok
-  end
-end

data/test/dummy/app/controllers/application_controller.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-class ApplicationController < ActionController::Base
-  protect_from_forgery with: :exception
-
-  def index
-    head :ok
-  end
-
-  def create
-    head :ok
-  end
-end

data/test/dummy/app/controllers/exclusions_controller.rb

@@ -1,9 +0,0 @@
-# frozen_string_literal: true
-
-class ExclusionsController < ApplicationController
-  exclude_xsrf_token_cookie
-
-  def index
-    head :ok
-  end
-end

data/test/dummy/config/application.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require File.expand_path('boot', __dir__)
-
-require 'action_controller/railtie'
-
-Bundler.require(:default, Rails.env)
-require 'angular_rails_csrf'
-
-module Dummy
-  class Application < Rails::Application
-    config.secret_key_base = '5e6b6d2bd7bf26d02679ac958b520adf41b211eb0b8f33742abc5437711d0ad314baf13efc0d35d7568d2e469668a7021cf5e945c667bd16507777aedb770f83'
-    config.eager_load = false # You get yelled at if you don't set this
-    config.active_support.test_order = :random
-  end
-end

data/test/dummy/config/boot.rb

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-# Set up gems listed in the Gemfile.
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../Gemfile', __dir__)
-
-require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

data/test/dummy/config/environment.rb

@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-# Load the Rails application.
-require File.expand_path('application', __dir__)
-
-# Initialize the Rails application.
-Dummy::Application.initialize!

data/test/dummy/config/routes.rb

@@ -1,10 +0,0 @@
-# frozen_string_literal: true
-
-Dummy::Application.routes.draw do
-  get  'test' => 'application#index'
-  post 'test' => 'application#create'
-
-  get 'exclusions' => 'exclusions#index'
-
-  get 'index' => 'api#index'
-end

data/test/dummy/config.ru

@@ -1,6 +0,0 @@
-# frozen_string_literal: true
-
-# This file is used by Rack-based servers to start the application.
-
-require ::File.expand_path('config/environment', __dir__)
-run Rails.application

data/test/dummy/log/test.log

@@ -1,144 +0,0 @@
-----------------------------------------------------------------------------
-AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
-----------------------------------------------------------------------------
-Processing by ExclusionsController#index as HTML
-Completed 200 OK in 0ms (Allocations: 214)
--------------------------------------------------------------------------------------------------------------
-AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
--------------------------------------------------------------------------------------------------------------
-Processing by ApiController#index as HTML
-Completed 200 OK in 0ms (Allocations: 106)
---------------------------------------------------------
-AngularRailsCsrfTest: test_the_domain_is_used_if_present
---------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 195)
-------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_can_be_configured
-------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 94)
--------------------------------------------------------------------------
-AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
--------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 91)
--------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
--------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 182)
------------------------------------------------------------
-AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 114)
------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Completed 200 OK in 0ms (Allocations: 105)
-------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
-------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
---------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
---------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
--------------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
--------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
----------------------------------------------------------------
-AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
----------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 110)
------------------------------------------------------------------
-AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
-------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_secure_is_set_automatically_when_same_site_is_set_to_none
-------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 342)
------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_with_the_X-XSRF-TOKEN_header_set_to_the_wrong_value
------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 200)
------------------------------------------------------------
-AngularRailsCsrfTest: test_a_custom_name_is_used_if_present
------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 113)
------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_is_accepted_if_X-XSRF-TOKEN_is_set_properly
------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Completed 200 OK in 0ms (Allocations: 105)
--------------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_is_set_to_Lax_by_default
--------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
-------------------------------------------------------
-AngularRailsCsrfTest: test_same_site_can_be_configured
-------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
--------------------------------------------------------------------------
-AngularRailsCsrfTest: test_csrf-cookie_is_not_set_if_exclusion_is_enabled
--------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 91)
---------------------------------------------------------
-AngularRailsCsrfTest: test_the_domain_is_used_if_present
---------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 112)
----------------------------------------------------------------
-AngularRailsCsrfTest: test_the_secure_flag_is_set_if_configured
----------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
---------------------------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_get_sets_the_XSRF-TOKEN_cookie_but_does_not_require_the_X-XSRF-TOKEN_header
---------------------------------------------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
------------------------------------------------------------------
-AngularRailsCsrfTest: test_the_httponly_flag_is_set_if_configured
------------------------------------------------------------------
-Processing by ApplicationController#index as HTML
-Completed 200 OK in 0ms (Allocations: 93)
--------------------------------------------------------------------------------------
-AngularRailsCsrfTest: test_a_post_raises_an_error_without_the_X-XSRF-TOKEN_header_set
--------------------------------------------------------------------------------------
-Processing by ApplicationController#create as HTML
-Can't verify CSRF token authenticity.
-Completed 422 Unprocessable Entity in 0ms (Allocations: 90)
--------------------------------------------------------------------------------------------------------------
-AngularRailsCsrfSkipTest: test_csrf-cookie_is_not_set_and_no_error_if_protect_against_forgery?_is_not_defined
--------------------------------------------------------------------------------------------------------------
-Processing by ApiController#index as HTML
-Completed 200 OK in 0ms (Allocations: 100)
-----------------------------------------------------------------------------
-AngularRailsCsrfExceptionTest: test_a_get_does_not_set_the_XSRF-TOKEN_cookie
-----------------------------------------------------------------------------
-Processing by ExclusionsController#index as HTML
-Completed 200 OK in 0ms (Allocations: 87)

data/test/test_helper.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-# Configure Rails Environment
-ENV['RAILS_ENV'] = 'test'
-
-require 'simplecov'
-SimpleCov.start do
-  add_filter 'test/'
-  add_filter '.github/'
-end
-
-if ENV['CI'] == 'true'
-  require 'codecov'
-  SimpleCov.formatter = SimpleCov::Formatter::Codecov
-end
-
-require File.expand_path('dummy/config/environment.rb', __dir__)
-require 'rails/test_help'