Document how to disable forgery protection for tests. Useful note for those upgrading from 1.x. Closes #10440 [Trevor Turk]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8350 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2007-12-10 01:15:30 +00:00 · 2007-12-10 01:15:30 +00:00 · 380ddd5310
parent a93fea800f
commit 380ddd5310
1 changed files with 7 additions and 1 deletions
--- a/actionpack/lib/action_controller/request_forgery_protection.rb
+++ b/actionpack/lib/action_controller/request_forgery_protection.rb
@ -54,6 +54,12 @@ module ActionController #:nodoc:
      #     skip_before_filter :verify_authenticity_token
      #   end
      #
+      # If you are upgrading from Rails 1.x, disable forgery protection to
+      # simplify your tests. Add this to config/environments/test.rb:
+      #
+      #   # Disable request forgery protection in test environment
+      #   config.action_controller.allow_forgery_protection = false
+      #
      # Valid Options:
      #
      # * <tt>:only/:except</tt> - passed to the before_filter call.  Set which actions are verified.
@ -123,4 +129,4 @@ module ActionController #:nodoc:
        allow_forgery_protection && request_forgery_protection_token
      end
  end
-end
+end