6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"ActionController::InvalidCrossOriginRequest in Controller Test\",\"text\":\"

When running legacy controller tests like this one:

\\n\\n

    get :edit, id: object.id, format: :js\\n

\\n\\n

My tests began failing in Rails 4.1 with the following error:

\\n\\n

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Tom Rossi\"},\"upvoteCount\":34,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

For Rails 5+

\\n\\n

get :edit, params: { id: object.id }, xhr: true\\n

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"John Pollard\"},\"upvoteCount\":52}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","ruby-on-rails",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby-on-rails/1","children":"ruby-on-rails"}]}],["$","span","ruby-on-rails-4.1",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ruby-on-rails-4.1/1","children":"ruby-on-rails-4.1"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/IJ6HK.png?s=256","alt":"Tom Rossi","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/431874/tom-rossi","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Tom Rossi"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",12066]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"ActionController::InvalidCrossOriginRequest in Controller Test"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

When running legacy controller tests like this one:

\n\n

    get :edit, id: object.id, format: :js\n

\n\n

My tests began failing in Rails 4.1 with the following error:

\n\n

ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",34]}],["$","p",null,{"children":["Views: ",10474]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","43813431",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://lh3.googleusercontent.com/-_1V3BLkCY9s/AAAAAAAAAAI/AAAAAAAAAOQ/MvO2DnNuEzQ/photo.jpg?sz=256","alt":"John Pollard","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/4162864/john-pollard","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"John Pollard"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",3899]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

For Rails 5+

\n\n

get :edit, params: { id: object.id }, xhr: true\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",52]}]}]]}],["$","div","24918995",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/IJ6HK.png?s=256","alt":"Tom Rossi","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/431874/tom-rossi","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Tom Rossi"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",12066]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Older versions of Rails accepted this, but the solution was to use the xhr method as follows:

\n\n

  xhr :get, :edit, id: object.id\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",41]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","29310187",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29310187","className":"text-blue-600 hover:underline","children":"Rails InvalidCrossOriginRequest"}]}],["$","li","68653983",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68653983","className":"text-blue-600 hover:underline","children":"Cross controllers test in Rails"}]}],["$","li","8279697",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/8279697","className":"text-blue-600 hover:underline","children":"rails unit test fails "undefined method 'request='""}]}],["$","li","52561346",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/52561346","className":"text-blue-600 hover:underline","children":"Rails Test "ActionController::UnknownFormat: is missing a template for this request format and variant""}]}],["$","li","40290853",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40290853","className":"text-blue-600 hover:underline","children":"Rails4 - Testing - URLGenerationError: No route matches"}]}],["$","li","33377396",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/33377396","className":"text-blue-600 hover:underline","children":"ActionController::UrlGenerationError: No route matches when trying to test the controller"}]}],["$","li","30548708",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30548708","className":"text-blue-600 hover:underline","children":"Integration test get ActionController::UrlGenerationError in rails 4"}]}],["$","li","16141718",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/16141718","className":"text-blue-600 hover:underline","children":"Rails 4.0: ActionController::RoutingError"}]}],["$","li","23351826",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/23351826","className":"text-blue-600 hover:underline","children":"DoubleRenderError in Rails 4.1 when rescuing from InvalidCrossOriginRequest"}]}],["$","li","23209902",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/23209902","className":"text-blue-600 hover:underline","children":"How to avoid ActionController::InvalidCrossOriginRequest exception?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

ActionController::InvalidCrossOriginRequest in Controller Test

Answers (2)

Related Questions