undefined|0|ReferenceError: Strict mode forbids implicit creation of global property 'csrf_token'

cpow picture cpow · Dec 10, 2012 · Viewed 13.5k times · Source

So, this was quite an interesting problem I have been running into.

I am currently building a backbone.js - Rails app. Generally just building this for learning purposes. I am (like any good rails dev) doing my best at TDD/BDD and I ran into a problem with capybara.

I have an integration spec that merely tests root_path works (Backbone history starts, displays initial information, etc...).

require 'spec_helper'

describe "RentalProperties", js: true do
  describe "GET /" do
    it "should show a list of properties" do
      visit root_path
      eventually{page.should have_content("Something")}
    end
  end
end

I am running tests with jasmine, sinon, and capybara/rspec/webkit. I am loosely following both the "Rspec on Rails" book by thoughtbot (awesome book by the way), and this tutorial: http://tinnedfruit.com/2011/03/03/testing-backbone-apps-with-jasmine-sinon.html.

When running the above spec, I came across this error:

undefined|0|ReferenceError: Strict mode forbids implicit creation of global property 'csrf_token'

I took a long time sorting this out because there's really nothing google-able for this error.

Eventually I stumbled across using "use strict-mode" in JS. Essentially this will use some new EMCA5 script conventions. It will catch more coding bloopers, and keep you from accessing global variables. All good things.

So I check, and in my sinon.js file, I see:

"use strict";

on line 36 of the file. Lo and behold I comment out the line, and my tests work just fine.

Here is my question: Why did use strict mess up csrf? I am assuming this has something to do with csrf_meta_tags in my rails layout. If possible I would like to put this line back in sinon js as I assume its the "right thing to do"

Does anyone have more information on this? I appreciate any details in advance!!

Answer

RobG picture RobG · Dec 10, 2012

It is telling you that a value is being assigned to a variable called csrf_token that has not been declared, e.g.

csrf_token = 'foo';

In non–strict mode, that will create a property of the global object (usually called a global variable) called csrf_token when that line of code is executed.

In strict mode, it will throw the error you see because strict mode prevents the implicit creation of global variables. You could also fix it by including:

var csrf_token;

anywhere in a global context in the same script element as the code the error comes from, or a previous script element.