From b871a2b5366c90c8bc0c8b82dba37d2e03e2bd54 Mon Sep 17 00:00:00 2001
From: Francesco Aiello
Date: Fri, 8 Jan 2021 10:38:12 -0800
Subject: [PATCH] Set dummy app forgery protection to false
This reverts a previous change setting dummy app forgery protection to true. Rails prefers testing to be performed with forgery protection set to false. This change will also allow for use of system specs in Solidus frontend.
---
 core/lib/generators/spree/dummy/templates/rails/test.rb | 3 +++
 core/lib/spree/testing_support/dummy_app.rb | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/core/lib/generators/spree/dummy/templates/rails/test.rb b/core/lib/generators/spree/dummy/templates/rails/test.rb
index cf2baf7995a..6c029ce51cc 100644
--- a/core/lib/generators/spree/dummy/templates/rails/test.rb
+++ b/core/lib/generators/spree/dummy/templates/rails/test.rb
@@ -20,6 +20,9 @@
 # Raise exceptions instead of rendering exception templates
 config.action_dispatch.show_exceptions = false
+ # Disable request forgery protection in test environment
+ config.action_controller.allow_forgery_protection = false
+
 # Tell Action Mailer not to deliver emails to the real world.
 # The :test delivery method accumulates sent emails in the
 # ActionMailer::Base.deliveries array.
diff --git a/core/lib/spree/testing_support/dummy_app.rb b/core/lib/spree/testing_support/dummy_app.rb
index 350317e5135..1bc385d8285 100644
--- a/core/lib/spree/testing_support/dummy_app.rb
+++ b/core/lib/spree/testing_support/dummy_app.rb
@@ -17,6 +17,7 @@
 # @private
 class ApplicationController < ActionController::Base
+ protect_from_forgery with: :exception
 end
 # @private
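Review bot: With `config.action_controller.allow_forgery_protection = false` set in this template, and again in the `Application` config hunk of dummy_app.rb, no spec run against the dummy app exercises authenticity-token verification any more. A form that stops sending the token, or a controller that skips the check, would pass the suite unnoticed, and the commit adds no test that turns the flag back on. A small request spec that sets `ActionController::Base.allow_forgery_protection = true` around a token-less POST and restores the old value afterwards would keep that coverage. The added comment could also say why, e.g. `# Disable request forgery protection in test environment (Rails default for tests; re-enable per spec to exercise CSRF handling)`.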
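Review bot: `protect_from_forgery with: :exception` on the dummy `ApplicationController` is inert as committed. The `Application` config later in this file sets `allow_forgery_protection = false`, and Rails treats every request as verified while that flag is off. The line reads like active protection, so it needs a comment stating its purpose, for example `# Mirrors a host app's ApplicationController; only enforced when a spec re-enables allow_forgery_protection`. The commit message does not mention this addition, so the intent is inferred and worth confirming with the author.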
@@ -52,8 +53,8 @@ class Application < ::Rails::Application
 config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
 config.whiny_nils = true
 config.consider_all_requests_local = true
- config.action_controller.allow_forgery_protection = true
- config.action_controller.default_protect_from_forgery = true
+ config.action_controller.allow_forgery_protection = false
+ config.action_controller.default_protect_from_forgery = false
 config.action_controller.perform_caching = false
 config.action_dispatch.show_exceptions = false
 config.active_support.deprecation = :stderr
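Review bot: Setting `config.action_controller.default_protect_from_forgery = false` means only controllers that inherit from the dummy `ApplicationController` carry a forgery callback. Any controller deriving straight from `ActionController::Base` stays unprotected even in a spec that switches `allow_forgery_protection` back on. Whether such controllers exist is not visible in this hunk, so that should be checked before relying on per-spec re-enabling. The two settings are undocumented here; a comment above them would help, such as `# CSRF checks are off for the test dummy app only; specs covering CSRF must re-enable allow_forgery_protection themselves`. The `Application` class body starts and ends outside the hunk.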