From 0abf0cff3746b3adc056cd357262f688b6ea073e Mon Sep 17 00:00:00 2001
From: Ioannis Igoumenos <ioigoume@gmail.com>
Date: Tue, 14 Apr 2026 13:21:50 +0000
Subject: [PATCH] Fix pages controller tests

---
 app/tests/TestCase/Controller/PagesControllerTest.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/app/tests/TestCase/Controller/PagesControllerTest.php b/app/tests/TestCase/Controller/PagesControllerTest.php
index ebc70bb95..570d369a5 100644
--- a/app/tests/TestCase/Controller/PagesControllerTest.php
+++ b/app/tests/TestCase/Controller/PagesControllerTest.php
@@ -38,7 +38,8 @@ public function testDisplay()
         Configure::write('debug', true);
         $this->get('/pages/home');
         $this->assertResponseOk();
-        $this->assertResponseContains('CakePHP');
+
+        // The home page content is application-specific; don't assert CakePHP's skeleton text.
         $this->assertResponseContains('<html>');
     }
 
@@ -79,6 +80,8 @@ public function testMissingTemplateInDebug()
      */
     public function testDirectoryTraversalProtection()
     {
+        $this->enableCsrfToken();
+
         $this->get('/pages/../Layout/ajax');
         $this->assertResponseCode(403);
         $this->assertResponseContains('Forbidden');
@@ -105,6 +108,8 @@ public function testCsrfAppliedError()
     public function testCsrfAppliedOk()
     {
         $this->enableCsrfToken();
+        $this->enableSecurityToken();
+
         $this->post('/pages/home', ['hello' => 'world']);
 
         $this->assertThat(403, $this->logicalNot(new StatusCode($this->_response)));