1. 首页
  2. 问答
  3. 渲染JS视图时提升InvalidCrossOriginRequest的Ruby on Rails测试

渲染JS视图时提升InvalidCrossOriginRequest的Ruby on Rails测试

2016-09-19 98 views
0

我正在测试一个控制器,该控制器的动作呈现视图的格式为.js.erb。 对这些行动的测试提高了以下错误:渲染JS视图时提升InvalidCrossOriginRequest的Ruby on Rails测试

Minitest::UnexpectedError: ActionController::InvalidCrossOriginRequest: Security warning: an embedded tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.

的防伪保护导致这个错误,因为当我把一个异常有关这些操作的好,但我不希望将其禁用。

这里是我的控制器:

class TasksController < ApplicationController 

    def new 
    # TODO add blah later 
    @task = Task.new 
    render 'tasks/show_form.js.erb' 
    end 

    def create 
    # FIXME there is bug here 
    @task = Task.new(task_params) 
    @task.user = current_user 
    authorize! :create, @task 
    save_task 
    end 

    def edit 
    @task = Task.find(params[:id]) 
    authorize! :edit, @task 
    render 'tasks/show_form.js.erb' 
    end 

    def update 
    @task = Task.find(params[:id]) 
    @task.assign_attributes(task_params) 
    authorize! :update, @task 
    save_task 
    end 

    def destroy 
    @task = Task.find(params[:id]) 
    authorize! :destroy, @task 
    @task.destroy 
    @tasks = Task.accessible_by(current_ability) 
    end 

    private 

    def save_task 
    if @task.save 
     @tasks = Task.accessible_by(current_ability) 
     render 'tasks/hide_form.js.erb' 
    else 
     render 'tasks/show_form.js.erb' 
    end 
    end 

    def task_params 
    params.require(:task).permit(:title, :note, :completed) 
    end 
end

这里是我的这个控制器测试:

require 'test_helper' 

class TasksControllerTest < ActionDispatch::IntegrationTest 
    #include Devise::Test::ControllerHelpers 

    def setup 
    @task = tasks(:one) 
    @password = "password" 
    @confirmed_user = User.create(email: "#{rand(50000)}@example.com", 
            password: @password, 
            confirmed_at: "2020-02-01 11:35:56") 
    @unconfirmed_user = User.create(email: "#{rand(50000)}@example.com", 
            password: @password, 
            confirmed_at: "") 
    sign_in(user: @confirmed_user, password: @password) 

    end 

    test "should get new" do 
    get new_task_url 
    assert_response :success 
    end 

    test "should create task" do 
    assert_difference('Task.count') do 

     post tasks_url, params: {task: {title: 'Dont fail test !'}} 
    end 

    assert_redirected_to task_url(Task.last) 
    end 

    test "should get edit" do 
    get edit_task_url(@task) 
    assert_response :success 
    end 

    test "should update task" do 
    patch task_url(@task), params: {task: {title: 'updated'}} 
    assert_redirected_to task_url(@task) 
    article.reload 
    assert_equal "updated", article.title 
    end 

    test "should destroy task" do 
    assert_difference('Task.count', -1) do 
     delete task_url(@task) 
    end 

    assert_redirected_to tasks_url 
    end 
end

做任何你对如何纠正这个错误的想法?

预先感谢您

来源

2016-09-19 V. Déhaye

+0

您是否想故意在您的应用中执行cors,或意外发生?如果你想做cors,那么使用[rack-cors](https://github.com/cyu/rack-cors)怎么样? – YTorii

+0

我会说意外的,因为我只使用自己的资源。感谢您的帮助,我找到了解决方案:) –

回答

-1

解决的办法是把我的控制器

skip_before_action :verify_authenticity_token, :only => [:edit, :new]

希望的开端这可以帮助别人

来源

2016-09-20 15:38:42

1

你可以尝试改变你的GET请求,使用相同的浏览器会为AJAX请求提供一种XMLHttpRequest机制。您可以在轨测试与xhr

做到这一点你的情况:

xhr :get, new_task_url

这意味着你是不是绕过护栏默认只是为了让你的测试通过。

来源

2016-09-20 15:44:36

 相关问题

  • 暂无相关问题^_^