Commit 5ee62580 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Fix CSRF exception when updating theme

The bug was caused by the switch to Rails UJS in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/27394.

The form wasn't submitted remotely and the CSRF token wasn't sent.

We also enable CSRF protection for JS tests to catch these problems.
parent b6407994
import $ from 'jquery';
import axios from '~/lib/utils/axios_utils';
import { Rails } from '~/lib/utils/rails_ujs';
import { deprecatedCreateFlash as flash } from '../flash';
import { parseBoolean } from '~/lib/utils/common_utils';
import TimezoneDropdown, {
......@@ -48,9 +49,13 @@ export default class Profile {
}
submitForm() {
return $(this)
.parents('form')
.submit();
const $form = $(this).parents('form');
if ($form.data('remote')) {
Rails.fire($form[0], 'submit');
} else {
$form.submit();
}
}
onSubmitForm(e) {
......
......@@ -123,6 +123,10 @@ RSpec.configure do |config|
port: session.server.port,
protocol: 'http')
# CSRF protection is disabled by default. We only enable this for JS specs because some forms
# require Javascript to set the CSRF token.
allow_any_instance_of(ActionController::Base).to receive(:protect_against_forgery?).and_return(true)
# reset window size between tests
unless session.current_window.size == CAPYBARA_WINDOW_SIZE
begin
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment