Was busy developing and minding my own business, when suddenly my functional tests all stopped working giving me this error:
ActionController::InvalidAuthenticityToken: No :secret given to the #protect_from_forgery call. Set that or use a session store capable of generating its own keys (Cookie Session Store).
Now we happen to have just switched on the use of the cookie store - and the actions all work just fine from the browser. Checking the forms even shows up the authenticity tokens etc... this only occurs during testing.
Googling gives a few rspec-based solutions, but very few are even possible for Test::Unit. I tried disabling config.action_controller.allow_forgery_protection - but that did a big nothing for me. So I bodgied up a quick-n-dirty workaround just for the test environment as per below.
Right now I still don't know what's causing the bug, but this gets me past it until I can figure out what's actually wrong. YMMV :)
# See ActionController::RequestForgeryProtection for details if RAILS_ENV == 'test' # dodgy workaround for Rails 2.0 bug in functional tests - which don't # seem to use a cookie store properly. Reference to issue: # http://groups.google.com/group/railsspace/browse_thread/thread/fcdbfa4e65bf86de protect_from_forgery :secret => 'c1c6ebaee01fecc9aa9bc105d235b2c2' else # Uncomment the :secret if you're not using the cookie session store protect_from_forgery # :secret => 'c1c6ebaee01fecc9aa9bc105d235b2c2' end