Spec response for forgery (#3248)
Remove protect_from_forgery in ApiController, which is disabled by the following skip_before_action, as well.
This commit is contained in:
Akihiko Odaki (@fn_aki@pawoo.net)
Eugen Rochko
parent
e98559c3ff
commit
10768aa204
3 changed files with 28 additions and 2 deletions
18
spec/controllers/api_controller_spec.rb
Normal file
18
spec/controllers/api_controller_spec.rb
Normal file
|
|
@ -0,0 +1,18 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
describe ApiController, type: :controller do
|
||||
controller do
|
||||
def success
|
||||
head 200
|
||||
end
|
||||
end
|
||||
|
||||
it 'does not protect from forgery' do
|
||||
ActionController::Base.allow_forgery_protection = true
|
||||
routes.draw { post 'success' => 'api#success' }
|
||||
post 'success'
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
Loading…
Add table
Add a link
Reference in a new issue