When running legacy controller tests like this one:
get :edit, id: object.id, format: :js
My tests began failing in Rails 4.1 with the following error:
ActionController::InvalidCrossOriginRequest: Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.
For Rails 5+
get :edit, params: { id: object.id }, xhr: true