Testing Like the TSA
David’s post perfectly describes my frustration with TDD, especially in long lived and complex projects.
Access Denied Error when using XHR PUT and DELETE
Late one night, I was attempting to wire up a delete button on a Rails app using XHR. However, every time I attempted to make the XHR call, I saw AccessDenied in the server log and my session was un authenticated. Since it was late, I remapped it to a different URL and moved on.
However, the fact that this did not work still bothered me and when I revisited it after a good night’s sleep, the answer was quite obvious. My Ajax setup (copied from many Rails projects ago) looked like:
I was only setting the X-CSRF-Token on a POST. Therefore, when the server received the DELETE verb, it killed the session, thinking that something was afoul.
Changing that line to:
fixed the issue in the correct way.
