Spec response for forgery (#3248)

Remove protect_from_forgery in ApiController, which is disabled by the following skip_before_action, as well.
author: Akihiko Odaki (@fn_aki@pawoo.net) <akihiko.odaki.4i@stu.hosei.ac.jp> 2017-06-02 03:56:55 +0900
committer: Eugen Rochko <eugen@zeonfederated.com> 2017-06-01 20:56:55 +0200
commit: 10768aa20418a5c3d547da33d80b9ebe3f34efb0 (patch)
tree: 777447fa4ba96b3e8be51c39cec48233de472460 /spec/controllers/application_controller_spec.rb
parent: e98559c3ff79ccc9b5b866c5351416dd58f2ebee (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 83ec02401..9370dcdad 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -37,6 +37,16 @@ describe ApplicationController, type: :controller do
     end
   end
 
+  context 'forgery' do
+    subject do
+      ActionController::Base.allow_forgery_protection = true
+      routes.draw { post 'success' => 'anonymous#success' }
+      post 'success'
+    end
+
+    include_examples 'respond_with_error', 422
+  end
+
   it "does not force ssl if LOCAL_HTTPS is not 'true'" do
     routes.draw { get 'success' => 'anonymous#success' }
     ClimateControl.modify LOCAL_HTTPS: '' do
author	Akihiko Odaki (@fn_aki@pawoo.net) <akihiko.odaki.4i@stu.hosei.ac.jp>	2017-06-02 03:56:55 +0900
committer	Eugen Rochko <eugen@zeonfederated.com>	2017-06-01 20:56:55 +0200
commit	10768aa20418a5c3d547da33d80b9ebe3f34efb0 (patch)
tree	777447fa4ba96b3e8be51c39cec48233de472460 /spec/controllers/application_controller_spec.rb
parent	e98559c3ff79ccc9b5b866c5351416dd58f2ebee (diff)