Testing Forgery Protection
November 3rd, 2008
Try to follow here:
I needed to test one controller to see if it was not protected by forgery protection, because requests to that controller come from an external source.
So basically I need to test if my code has
In the test environment, the authenticity_token check is disabled. You can re-enable it in your test like this:
class AccountsControllerTest < ActionController::TestCase
  def setup
    super
    AccountsController.allow_forgery_protection = true
    # Make sure we have forgery protection before filter turned off
  end
end
When you do a POST and you haven’t skipped the filter, the test will fail.
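Why the flag has to be flipped, as an added example that is not part of the original post: a plain-Ruby model of the filter, runnable without Rails. With protection off, a token-less POST passes on both controllers, so a missing skip goes unnoticed; with it on, only the controller that skips the filter accepts the request. ModelController, WebhooksController, ProfileController and post_without_token are hypothetical names, and the filter logic is a simplified assumption, not Rails source.

```ruby
# Plain-Ruby model of the filter described above (assumption: simplified
# stand-in for Rails 2.x behaviour, not Rails source; all names hypothetical).
class InvalidAuthenticityToken < StandardError; end

class ModelController
  @@allow_forgery_protection = false # what the test environment configures

  def self.allow_forgery_protection; @@allow_forgery_protection; end
  def self.allow_forgery_protection=(value); @@allow_forgery_protection = value; end
  def self.skipped_filters; @skipped_filters ||= []; end
  def self.skip_before_filter(name); skipped_filters << name; end

  def initialize(session_token)
    @session_token = session_token
  end

  # Runs the filter unless this controller class skipped it, then the action.
  def process(method, params = {})
    skipped = self.class.skipped_filters.include?(:verify_authenticity_token)
    verify_authenticity_token(method, params) unless skipped
    :ok
  end

  private

  def verify_authenticity_token(method, params)
    return unless self.class.allow_forgery_protection # disabled: accept everything
    return if method == :get
    return if params[:authenticity_token] == @session_token
    raise InvalidAuthenticityToken
  end
end

# Receives POSTs from an external source, so it skips the filter.
class WebhooksController < ModelController
  skip_before_filter :verify_authenticity_token
end

# Browser-facing controller that keeps the filter.
class ProfileController < ModelController; end

# Sends a token-less POST and reports :ok or :rejected.
def post_without_token(controller_class, protection_enabled)
  ModelController.allow_forgery_protection = protection_enabled
  controller_class.new("constructed-session-token").process(:post)
rescue InvalidAuthenticityToken
  :rejected
ensure
  ModelController.allow_forgery_protection = false
end
```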