Cucumber + Capybara testing: AJAX RequestForgeryProtection trouble since Rails 4.1

Question

After updating to Rails 4.1, I got an interesting problem with Cucumber and Capybara in a new project.

Inside a view I placed some thumbnail portraits. The user is supposed to click on a thumbnail image link to receive more information about the person he has chosen. Through the magic of AJAX the information then appears below the thumbnails. Here's how i did it in the view:

<%= link_to( image_tag( ... ), "/controller/action.js&person=#{@person.nickname}", id: @person.thumb_id , remote: true) %

The controller follows the usual proceeding for cases like this with

respond_to do format.js end

etc.

Works perfectly in the browser and I love it.

However, Cucumber and Capybara don't work so smoothly. Here's the Capybara line that's giving me a lot of headache:

When(/^I click on one of the portraits to display the person's stuff$/) do
  click_link("jack_sparrow_THUMB") # @user.thumb_id
end

Running the scenario with Cucumber, I receive this error message for the statement above:

Security warning: an embedded <script> tag on another site requested protected 
JavaScript. If you know what you're doing, go ahead and disable forgery protection 
on this action to permit cross-origin JavaScript embedding.
(ActionController::InvalidCrossOriginRequest)

The problem must have to do with this

http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection.html

Just have a look at the CROSS_ORIGIN_JAVASCRIPT_WARNING provided ... :(

Is there anything I can do to make my tests run again without downgrading to rails < 4.1 or even turning off Request Forgery Protection in general? Help would be very much appreciated.

Answer 1

As per "CSRF protection from remote tags " from the rails guide:

In the case of tests, where you also doing the client, change from:

get :index, format: :js

To:

xhr :get, :index, format: :js

http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html#csrf-protection-from-remote-script-tags