Ruby-on-rails 测试渲染 JS 视图时引发 InvalidCrossOriginRequest
Ruby-on-rails test raising InvalidCrossOriginRequest when rendering a JS view
我正在测试一个控制器,它具有以 .js.erb 格式呈现视图的动作。
对这些操作的测试引发了以下错误:
Minitest::UnexpectedError: ActionController::InvalidCrossOriginRequest: Security warning: an embedded tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
伪造保护导致此错误,因为当我对这些操作设置例外时它没问题,但我不想禁用它。
这是我的控制器:
class TasksController < ApplicationController
def new
# TODO add blah later
@task = Task.new
render 'tasks/show_form.js.erb'
end
def create
# FIXME there is bug here
@task = Task.new(task_params)
@task.user = current_user
authorize! :create, @task
save_task
end
def edit
@task = Task.find(params[:id])
authorize! :edit, @task
render 'tasks/show_form.js.erb'
end
def update
@task = Task.find(params[:id])
@task.assign_attributes(task_params)
authorize! :update, @task
save_task
end
def destroy
@task = Task.find(params[:id])
authorize! :destroy, @task
@task.destroy
@tasks = Task.accessible_by(current_ability)
end
private
def save_task
if @task.save
@tasks = Task.accessible_by(current_ability)
render 'tasks/hide_form.js.erb'
else
render 'tasks/show_form.js.erb'
end
end
def task_params
params.require(:task).permit(:title, :note, :completed)
end
end
这是我对这个控制器的测试:
require 'test_helper'
class TasksControllerTest < ActionDispatch::IntegrationTest
#include Devise::Test::ControllerHelpers
def setup
@task = tasks(:one)
@password = "password"
@confirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "2020-02-01 11:35:56")
@unconfirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "")
sign_in(user: @confirmed_user, password: @password)
end
test "should get new" do
get new_task_url
assert_response :success
end
test "should create task" do
assert_difference('Task.count') do
post tasks_url, params: {task: {title: 'Dont fail test !'}}
end
assert_redirected_to task_url(Task.last)
end
test "should get edit" do
get edit_task_url(@task)
assert_response :success
end
test "should update task" do
patch task_url(@task), params: {task: {title: 'updated'}}
assert_redirected_to task_url(@task)
article.reload
assert_equal "updated", article.title
end
test "should destroy task" do
assert_difference('Task.count', -1) do
delete task_url(@task)
end
assert_redirected_to tasks_url
end
end
你们知道如何纠正这个错误吗?
提前致谢
解决方案是放在我的控制器的开头
skip_before_action :verify_authenticity_token, :only => [:edit,
:new]
希望这可以帮助到某人
您可以尝试更改您的 get 请求,以使用浏览器用于 AJAX 请求的相同机制,即 XMLHttpRequest。您可以在 rails 测试中使用 xhr
执行此操作
你的情况:
xhr :get, new_task_url
这意味着您没有绕过 rails 默认值只是为了让您的测试通过。
我正在测试一个控制器,它具有以 .js.erb 格式呈现视图的动作。 对这些操作的测试引发了以下错误:
Minitest::UnexpectedError: ActionController::InvalidCrossOriginRequest: Security warning: an embedded tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
伪造保护导致此错误,因为当我对这些操作设置例外时它没问题,但我不想禁用它。
这是我的控制器:
class TasksController < ApplicationController
def new
# TODO add blah later
@task = Task.new
render 'tasks/show_form.js.erb'
end
def create
# FIXME there is bug here
@task = Task.new(task_params)
@task.user = current_user
authorize! :create, @task
save_task
end
def edit
@task = Task.find(params[:id])
authorize! :edit, @task
render 'tasks/show_form.js.erb'
end
def update
@task = Task.find(params[:id])
@task.assign_attributes(task_params)
authorize! :update, @task
save_task
end
def destroy
@task = Task.find(params[:id])
authorize! :destroy, @task
@task.destroy
@tasks = Task.accessible_by(current_ability)
end
private
def save_task
if @task.save
@tasks = Task.accessible_by(current_ability)
render 'tasks/hide_form.js.erb'
else
render 'tasks/show_form.js.erb'
end
end
def task_params
params.require(:task).permit(:title, :note, :completed)
end
end
这是我对这个控制器的测试:
require 'test_helper'
class TasksControllerTest < ActionDispatch::IntegrationTest
#include Devise::Test::ControllerHelpers
def setup
@task = tasks(:one)
@password = "password"
@confirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "2020-02-01 11:35:56")
@unconfirmed_user = User.create(email: "#{rand(50000)}@example.com",
password: @password,
confirmed_at: "")
sign_in(user: @confirmed_user, password: @password)
end
test "should get new" do
get new_task_url
assert_response :success
end
test "should create task" do
assert_difference('Task.count') do
post tasks_url, params: {task: {title: 'Dont fail test !'}}
end
assert_redirected_to task_url(Task.last)
end
test "should get edit" do
get edit_task_url(@task)
assert_response :success
end
test "should update task" do
patch task_url(@task), params: {task: {title: 'updated'}}
assert_redirected_to task_url(@task)
article.reload
assert_equal "updated", article.title
end
test "should destroy task" do
assert_difference('Task.count', -1) do
delete task_url(@task)
end
assert_redirected_to tasks_url
end
end
你们知道如何纠正这个错误吗?
提前致谢
解决方案是放在我的控制器的开头
skip_before_action :verify_authenticity_token, :only => [:edit, :new]
希望这可以帮助到某人
您可以尝试更改您的 get 请求,以使用浏览器用于 AJAX 请求的相同机制,即 XMLHttpRequest。您可以在 rails 测试中使用 xhr
执行此操作你的情况:
xhr :get, new_task_url
这意味着您没有绕过 rails 默认值只是为了让您的测试通过。