Send CSRF tokens with trigger and unlock actions, set RACK_ENV to "test" during tests to disable Rack::Protection

2015-10-01 10:08:15 -04:00 · 2015-10-01 10:08:15 -04:00 · d6406b3e3b
parent 3d78df3738
commit d6406b3e3b
3 changed files with 4 additions and 0 deletions
--- a/lib/sidetiq/views/locks.erb
+++ b/lib/sidetiq/views/locks.erb
@ -36,6 +36,7 @@
          </td>
            <td>
              <form action="<%= "#{root_path}sidetiq/#{meta.key}/unlock" %>" method="post">
+                <%= csrf_tag %>
                <input class="btn btn-danger btn-small" type="submit" name="trigger" value="Unlock" data-confirm="Are you sure you want remove this lock?" />
              </form>
            </td>
--- a/lib/sidetiq/views/sidetiq.erb
+++ b/lib/sidetiq/views/sidetiq.erb
@ -37,6 +37,7 @@
            </td>
            <td>
              <form action="<%= "#{root_path}sidetiq/#{worker.name}/trigger" %>" method="post">
+                <%= csrf_tag %>
                <input class="btn btn-danger btn-small" type="submit" name="trigger" value="Trigger" data-confirm="Are you sure you want to trigger this job?" />
              </form>
            </td>
--- a/test/helper.rb
+++ b/test/helper.rb
@ -1,3 +1,5 @@
+ENV['RACK_ENV'] ||= 'test'
+
 if RUBY_PLATFORM != "java"
  require 'coveralls'
  Coveralls.wear!