Testing Forgery Protection November 3rd, 2008

Try to follow here:

I needed to test one controller to make sure it was exempt from forgery protection, because requests to that controller come from an external source that has no way to send an authenticity token.

So basically I need a test that verifies my controller has

skip_before_filter :verify_authenticity_token

In the test environment, the authenticity_token check is disabled. You can re-enable it in your test like this:

class AccountsControllerTest < ActionController::TestCase
  def setup
    # The test environment turns the check off globally; turn it back on so
    # the only reason a token-less POST can pass is the skip_before_filter.
    AccountsController.allow_forgery_protection = true
  end
end

When you then do a post without an authenticity token and you haven’t skipped the filter, verify_authenticity_token raises ActionController::InvalidAuthenticityToken and the test fails; with the skip_before_filter in place the post goes through. One caveat: allow_forgery_protection is class-level state, so it stays switched on for every later test in the same process that touches AccountsController (and its subclasses). Reset it in teardown if other tests post to that controller without a token.
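To show why the trick is needed at all, here is an added example (mine, not code from the original post, and not a real Rails install): a small stand-in for the Rails 2.x forgery-protection filter, with the class names and method names borrowed from Rails (ActionController::Base, allow_forgery_protection, skip_before_filter, verify_authenticity_token, InvalidAuthenticityToken) but toy implementations behind them. AccountsController and PostsController are made up for the demo. It runs a token-less POST against a controller that skips the filter and one that does not, first with the test-environment default (protection off) and then with protection re-enabled the way the setup block above does.

```ruby
require 'securerandom'

module ActionController
  class InvalidAuthenticityToken < StandardError; end

  class Base
    class << self
      # Class-level switch. config/environments/test.rb sets it to false,
      # which is why a functional test never hits the filter unless it
      # turns the switch back on.
      attr_accessor :allow_forgery_protection

      def before_filters
        @before_filters ||= []
      end

      def before_filter(name)
        before_filters << name
      end

      def skip_before_filter(name)
        before_filters.delete(name)
      end

      # Subclasses start with the parent's switch and filter chain.
      def inherited(subclass)
        super
        subclass.allow_forgery_protection = allow_forgery_protection
        subclass.before_filters.concat(before_filters)
      end
    end

    self.allow_forgery_protection = true
    before_filter :verify_authenticity_token

    attr_reader :params, :session

    def initialize(session = {})
      @session = session
    end

    # Dispatch one request: run the filter chain, then the action.
    def process(method, action, params = {})
      @request_method = method
      @params = params
      self.class.before_filters.each { |filter| send(filter) }
      send(action)
    end

    def form_authenticity_token
      session[:_csrf_token] ||= SecureRandom.hex(16)
    end

    def protect_against_forgery?
      self.class.allow_forgery_protection
    end

    # Same shape as the Rails 2.x check: GETs are exempt, every other
    # request must carry the session's token.
    def verified_request?
      !protect_against_forgery? ||
        @request_method == :get ||
        form_authenticity_token == params[:authenticity_token]
    end

    def verify_authenticity_token
      raise InvalidAuthenticityToken unless verified_request?
    end
  end
end

# What the test environment does: switch protection off process-wide.
ActionController::Base.allow_forgery_protection = false

# Receives POSTs from an external system, so it skips the filter; this is
# the line the post wants its test to prove is present. (Made-up controller.)
class AccountsController < ActionController::Base
  skip_before_filter :verify_authenticity_token
  def create; :created; end
end

# Ordinary controller that keeps the filter. (Made-up controller.)
class PostsController < ActionController::Base
  def create; :created; end
end

# POST without an authenticity_token, with the switch set as given (false is
# the test-environment default, true is what the setup block does). Returns
# :created or :rejected and restores the switch, since it is class-wide state.
def post_without_token(controller_class, allow_forgery_protection)
  previous = controller_class.allow_forgery_protection
  controller_class.allow_forgery_protection = allow_forgery_protection
  controller_class.new.process(:post, :create)
rescue ActionController::InvalidAuthenticityToken
  :rejected
ensure
  controller_class.allow_forgery_protection = previous
end

# A POST that carries the session's token passes even with protection on.
def post_with_valid_token(controller_class)
  controller = controller_class.new
  token = controller.form_authenticity_token
  controller_class.allow_forgery_protection = true
  controller.process(:post, :create, { authenticity_token: token })
ensure
  controller_class.allow_forgery_protection = false
end

if __FILE__ == $0
  [false, true].each do |on|
    puts "protection=#{on}: Accounts=#{post_without_token(AccountsController, on)} " \
         "Posts=#{post_without_token(PostsController, on)}"
  end
end
```

With protection left off, both controllers accept the token-less POST, so a naive functional test cannot tell whether the skip is there. With protection switched on, only AccountsController still accepts it, which is exactly the difference the test above is looking for.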


1 Response to “Testing Forgery Protection”

  • over 3 years ago grosser said

    Nice idea, I've been skipping this test so far…
