Godric Cao

Reputation: 43

Rails Tutorial 7.4.4 - How does post method submit form with authenticity token?

I'm at Rails Tutorial 7.4.4 and I'm curious about how the post_via_redirect method in the following test posts the form along with the authenticity_token parameter.

The following test would pass:

class UsersSignupTest < ActionDispatch::IntegrationTest
  test "valid signup information will add user to database" do
    assert_difference 'User.count', 1 do
      post_via_redirect users_path, user: { name:                  "Filius Flitwick",
                                            email:                 "[email protected]",
                                            password:              "charmsmaster",
                                            password_confirmation: "charmsmaster" }
    end
  end
end

In order to prevent CSRF (Cross Site Request Forgery), I assume that the form won't pass the verification without a correct authenticity_token parameter in the form. However, I cannot figure out from where the authenticity_token is put into the parameters.

In fact, I'm not sure what exactly the POST in Rails is doing. Would POST first request a web page of the URL to get the authenticity_token?

Upvotes: 4

Views: 264

Answers (1)

Baldrick

Reputation: 24340

By default, the CSRF protection is disabled in the test environment. You can activate it by adding the following line in config/environments/test.rb:

config.action_controller.allow_forgery_protection = true

See the guide on Configuring Rails Applications.

Upvotes: 2
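
To make the mechanism behind this answer concrete, here is an added example (not part of the answer, and not Rails source code): a plain-Ruby model of the forgery check, showing that a POST never fetches a token by itself and that, once protection is on, the test has to GET the form and send the token back. `ToyApp`, `signup_without_token` and `signup_with_token` are hypothetical names, and the user data is constructed.

```ruby
require "securerandom"

# Simplified model of the request check, not Rails source. Real Rails also
# masks the token per request and can check the Origin header.
class ToyApp
  attr_reader :users

  def initialize(allow_forgery_protection:)
    @allow_forgery_protection = allow_forgery_protection
    @tokens = {} # session id => CSRF token kept in the session
    @users = []
  end

  # GET /signup: the token reaches the client only inside the rendered form.
  def get_signup(session_id)
    token = (@tokens[session_id] ||= SecureRandom.base64(32))
    %(<input type="hidden" name="authenticity_token" value="#{token}">)
  end

  # POST /users: the check runs before the "action" creates anything.
  def post_users(session_id, params)
    return :rejected unless verified_request?(session_id, params)
    @users << params.fetch(:user)
    :created
  end

  private

  def verified_request?(session_id, params)
    return true unless @allow_forgery_protection # the test-environment default
    expected = @tokens[session_id].to_s
    given = params[:authenticity_token].to_s
    return false if expected.empty? || expected.bytesize != given.bytesize
    # Constant-time comparison of equal-length strings.
    expected.bytes.zip(given.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

USER = { name: "Filius Flitwick", password: "charmsmaster" }.freeze # constructed sample

# The question's test: POST directly, never having fetched the form.
def signup_without_token(app, session_id = "s1")
  app.post_users(session_id, { user: USER })
end

# With protection on, the test itself must GET the form and echo the token.
def signup_with_token(app, session_id = "s1")
  token = app.get_signup(session_id)[/name="authenticity_token" value="([^"]+)"/, 1]
  app.post_users(session_id, { authenticity_token: token, user: USER })
end
```

With the flag off, the direct POST creates the user, which is why the tutorial test passes; with it on, the same POST is rejected until the token from the rendered form is included.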
