catstodon/spec/controllers/api_controller_spec.rb
Akihiko Odaki (@fn_aki@pawoo.net) 10768aa204 Spec response for forgery (#3248)
Remove protect_from_forgery in ApiController, which is disabled by the
following skip_before_action, as well.
2017-06-01 20:56:55 +02:00

18 lines
393 B
Ruby

# frozen_string_literal: true
require 'rails_helper'
describe ApiController, type: :controller do
controller do
def success
head 200
end
end
it 'does not protect from forgery' do
ActionController::Base.allow_forgery_protection = true
routes.draw { post 'success' => 'api#success' }
post 'success'
expect(response).to have_http_status(:success)
end
end