Was busy developing and minding my own business, when suddenly my functional tests all stopped working, giving me this error:
ActionController::InvalidAuthenticityToken: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).
Now we happen to have just switched on the use of the cookie store - and the actions all work just fine from the browser. Checking the forms even shows up the authenticity tokens etc... this only occurs during testing.
Googling gives a few rspec-based solutions, but very few are even possible for Test::Unit. I tried disabling config.action_controller.allow_forgery_protection - but that did a big nothing for me. So I bodgied up a quick-n-dirty workaround just for the test environment as per below.
Right now I still don't know what's causing the bug, but this gets me past it until I can figure out what's actually wrong. YMMV :)
# See ActionController::RequestForgeryProtection for details
if RAILS_ENV == 'test'
  # dodgy workaround for Rails 2.0 bug in functional tests - which don't
  # seem to use a cookie store properly. Reference to issue:
  # http://groups.google.com/group/railsspace/browse_thread/thread/fcdbfa4e65bf86de
  protect_from_forgery :secret => 'c1c6ebaee01fecc9aa9bc105d235b2c2'
else
  # Uncomment the :secret if you're not using the cookie session store
  protect_from_forgery # :secret => 'c1c6ebaee01fecc9aa9bc105d235b2c2'
end
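Added example, not part of the original post: one way to give the test environment a `:secret` without committing a fixed value to the repository. The helper names and the `CSRF_SECRET` environment variable are assumptions, and the token function is a simplified model (HMAC of the session id) rather than the Rails source.

```ruby
require 'openssl'
require 'securerandom'

# Hypothetical helper: pick the CSRF secret without hard-coding it.
# CSRF_SECRET is an assumed environment variable name.
def csrf_secret(rails_env, env = ENV)
  from_env = env['CSRF_SECRET']
  return from_env if from_env && from_env.length >= 32
  # Functional tests only need a secret that is stable within one process,
  # so a fresh random value per test run is enough.
  return SecureRandom.hex(32) if rails_env == 'test'
  raise ArgumentError, "CSRF_SECRET must be set (>= 32 chars) in #{rails_env}"
end

# Simplified model of a secret-keyed token: HMAC-SHA1 over the session id.
def authenticity_token(secret, session_id)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('SHA1'), secret, session_id)
end

# Constant-time comparison so verification does not leak a matching prefix.
def valid_token?(secret, session_id, submitted)
  expected = authenticity_token(secret, session_id)
  return false unless submitted.is_a?(String) && submitted.bytesize == expected.bytesize
  diff = 0
  expected.bytes.zip(submitted.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

if __FILE__ == $PROGRAM_NAME
  session_id = 'constructed-session-id-0001' # constructed sample value
  secret = csrf_secret('test', {})           # empty env: random per-run secret
  token = authenticity_token(secret, session_id)
  puts "token verifies with this run's secret: #{valid_token?(secret, session_id, token)}"
  other_run = csrf_secret('test', {})
  puts "token verifies with another run's secret: #{valid_token?(other_run, session_id, token)}"
end
```

In the controller from the post, the result would be passed as `protect_from_forgery :secret => csrf_secret(RAILS_ENV)`. Tokens issued under a per-run secret do not survive a process restart, which is acceptable for functional tests but is why non-test environments must supply the value from outside the repository.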
2 comments:
You need to uncomment the :secret line in your application.rb where it states protect_from_forgery
Except that we didn't want a single, hard-coded secret that would be checked into the repository... in a multi-million-dollar website through which most of the world's brokers would be sending their order and trade data...