[rspec-users] rspec-rails how to selectively turn on csrf protection for controller specs?
nick.rutherford at gmail.com
Thu Jul 8 12:36:00 EDT 2010
I'm setting up a Paypal IPN listener and need the create action to not
use rails' default CSRF protection.
I've got that working fine & test it actually works with cucumber
(where I've turned CSRF back on, since it's full-stack testing) but
would like my controller spec to mention the need for
protect_from_forgery :except => [:create] (and fail when it's not
I've not had any luck with telling the controller or
ActionController::Base to use forgery protection in the spec and am a
Has anyone done this before, or do any of these look possible:
* reload the rails app for part of the spec, using a different rails
initializer (i.e. without
config.action_controller.allow_forgery_protection = false as in
* tell the controller to use forgery protection despite it being
turned off in the rails test environment config (haven't had any luck
with this so far).
* have some specs split off from the main specs which run in a
different rails environment, e.g. test-with-csrf rather than test.
versions: rails 2.3.8, rspec 1.3.0, rspec-rails 1.3.2
Any help or pointers to old topics would be greatly appreciated,
google made this look a bit unexplored beyond "rails fixes csrf by
default, turn off in tests".
More information about the rspec-users