diff --git a/tests/unit/ControllerExtensionTest.php b/tests/unit/ControllerExtensionTest.php
index 54625ae..b62a75f 100644
--- a/tests/unit/ControllerExtensionTest.php
+++ b/tests/unit/ControllerExtensionTest.php
@@ -56,7 +56,7 @@ public function testInit()
     public function testNonceOnExcludedControllers()
     {
         //when CSPBackend.useNonce is true, it should only apply to controllers
-        //with the extension applied. By default, this is page controller
+        //with the extension applied. By default, this is root controller
         CSPBackend::setUsesNonce(true);
         $page = new Page();
         $controller = new PageController($page);
@@ -64,26 +64,12 @@ public function testNonceOnExcludedControllers()
 
         $extension->setOwner($controller);
 
-        //useNonce is set but only applies on the PageController.
-        //let's check Security controller for logins: it should be absent
+        //let's check Security controller for logins: it should be there
         $secController = new Security();
-        $this->expectException('BadMethodCallException');
-        $this->assertNull($secController->getNonce());
+        $this->assertNotNull($secController->getNonce());
 
         //also check CMS-level controllers
         $cmsController = new LeftAndMain();
-        $this->expectException('BadMethodCallException');
-        $this->assertNull($secController->getNonce());
-
-        //now apply the extension, getNonce should not be null
-        $extension2 = new ControllerCSPExtension();
-
-        $extension2->setOwner($secController);
         $this->assertNotNull($secController->getNonce());
-
-        $extension3 = new ControllerCSPExtension();
-
-        $extension3->setOwner($cmsController);
-        $this->assertNotNull($cmsController->getNonce());
     }
 }