You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Originally posted by matthewmcgarvey January 26, 2022
Right now, flow specs work because they use Chrome (headlessly). In my work to add an in-memory version, we lose the ability to run javascript. That means we lose the ability for the javascript layer to add on csrf tokens to requests. This causes requests to fail.
Discussed in #1655
Originally posted by matthewmcgarvey January 26, 2022
Right now, flow specs work because they use Chrome (headlessly). In my work to add an in-memory version, we lose the ability to run javascript. That means we lose the ability for the javascript layer to add on csrf tokens to requests. This causes requests to fail.
In looking at how Capybara deals with this, I found that Rails disables CSRF protection in the test environment
https://github.com/rails/rails/blob/1438c0416fed98b20475b0cbe0c8e3965705cad0/railties/lib/rails/generators/rails/app/templates/config/environments/test.rb.tt#L34
I think we should do something similar. At least, we could add a setting to allow disabling it.
The setting would be used here:
lucky/src/lucky/protect_from_forgery.cr
Lines 19 to 26 in 48d8f7b
The text was updated successfully, but these errors were encountered: