Open nolantait opened 1 month ago
Thanks for contributing! I'd rather eliminate the configuration and instead not include the authenticity token for a GET
request.
Here's the steps that would take:
:authenticity_token
option from the constructor.def has_authenticity_token? = form_method != "get"
authenticity_token_field if has_authenticity_token?
If you include specs for all that and I can merge it.
For the docs, you can tell people they can force that field for get requests by overriding the method like this: has_authenticity_token? = true
Could you put the row
/labeled
changes in a different PR? I like keeping PRs related to one issue so the conversation doesn't fork.
Sounds good, I've removed the docs changes in this PR. Not sure what I buggered with the Gemfile.lock for the CI.
Rails doesn't check GET requests for
authenticity_token
. Currently if you make GET requests the token will be littered in the URL. Rails also has the same option.I also added some docs in the README. This change also contains some feedback I got from my friend who was reading the docs and got confused about
#row
mentions in the README. I've changed them to#labelled
so they are unified.This PR also adds
phlex-testing-capybara
which is quite familiar to rails devs and could help make writing specs for rails components more approachable. Its still a bit awkward to magically stubhelpers
in the tests but they work and are easy to write.Happy for any feedback