> I am building a page that has many ajax calls on the page, so when I
> moved to rails 2.0, I, of course, noticed that my ajax calls stopped
> working.  After some research, I came up with the following solution.

> I create a <div id="authenticity_token"><%= form_authenticity_token
> %></div> at the bottom of my document, so that I could easily grab the
> value with javascript and include it in my ajax calls  This worked
> great, btw.

> The problem comes when I am trying to write functional tests for the
> these pages.  For example, the following code:

> def test_view_not_logged_in
>   get :view, :id =>  users(:quentin).id
>   assert_response :success
> end

> Creates the following error:

> ActionView::TemplateError: No :secret given to the
> #protect_from_forgery call.  Set that or use a session store capable
> of generating its own keys (Cookie Session Store).
>     On line #39 of account/_signup_form.rhtml

>     36:   </div>
>     37:   <a href="javascript:showNewImage()">Try a different image </
> a>
>     38:   <% end -%>
>     39:   <div id="form_authenticity_token" class="hidden"><%=
> form_authenticity_token %></div>

> I am using the Cookie Session Store in my development and production
> environements.  Is there any difference in the test environment?  I
> could add the :secret when I do testing, but that is pretty
> cumbersome.

> thanks in advance for any help!

> Greg

> I guess that I need to make sure that forgery is turned on:

> <% if protect_against_forgery? %>
> <div id="authenticity_token"><%= form_authenticity_token %></div>
> <% end %>

> The test environment turns it off.

> On Feb 28, 4:21 pm, Greg <glhew...@gmail.com> wrote:

>> hello,

>> I am building a page that has many ajax calls on the page, so when I
>> moved to rails 2.0, I, of course, noticed that my ajax calls stopped
>> working.  After some research, I came up with the following solution.

>> I create a <div id="authenticity_token"><%= form_authenticity_token
>> %></div> at the bottom of my document, so that I could easily grab the
>> value with javascript and include it in my ajax calls  This worked
>> great, btw.

>> The problem comes when I am trying to write functional tests for the
>> these pages.  For example, the following code:

>> def test_view_not_logged_in
>>   get :view, :id =>  users(:quentin).id
>>   assert_response :success
>> end

>> Creates the following error:

>> ActionView::TemplateError: No :secret given to the
>> #protect_from_forgery call.  Set that or use a session store capable
>> of generating its own keys (Cookie Session Store).
>>     On line #39 of account/_signup_form.rhtml

>>     36:   </div>
>>     37:   <a href="javascript:showNewImage()">Try a different image </
>> a>
>>     38:   <% end -%>
>>     39:   <div id="form_authenticity_token" class="hidden"><%=
>> form_authenticity_token %></div>

>> I am using the Cookie Session Store in my development and production
>> environements.  Is there any difference in the test environment?  I
>> could add the :secret when I do testing, but that is pretty
>> cumbersome.

>> thanks in advance for any help!

>> Greg