-
Akihiko Odaki (@fn_aki@pawoo.net) authored
Remove protect_from_forgery in ApiController, which is disabled by the following skip_before_action, as well.
Akihiko Odaki (@fn_aki@pawoo.net) authoredRemove protect_from_forgery in ApiController, which is disabled by the following skip_before_action, as well.
api_controller_spec.rb 393 B
# frozen_string_literal: true
require 'rails_helper'
describe ApiController, type: :controller do
controller do
def success
head 200
end
end
it 'does not protect from forgery' do
ActionController::Base.allow_forgery_protection = true
routes.draw { post 'success' => 'api#success' }
post 'success'
expect(response).to have_http_status(:success)
end
end