From 10768aa20418a5c3d547da33d80b9ebe3f34efb0 Mon Sep 17 00:00:00 2001
From: "Akihiko Odaki (@fn_aki@pawoo.net)" <akihiko.odaki.4i@stu.hosei.ac.jp>
Date: Fri, 2 Jun 2017 03:56:55 +0900
Subject: Spec response for forgery (#3248)

Remove protect_from_forgery in ApiController, which is disabled by the
following skip_before_action, as well.
---
 spec/controllers/api_controller_spec.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 spec/controllers/api_controller_spec.rb

(limited to 'spec/controllers/api_controller_spec.rb')

diff --git a/spec/controllers/api_controller_spec.rb b/spec/controllers/api_controller_spec.rb
new file mode 100644
index 000000000..1026afbbc
--- /dev/null
+++ b/spec/controllers/api_controller_spec.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe ApiController, type: :controller do
+  controller do
+    def success
+      head 200
+    end
+  end
+
+  it 'does not protect from forgery' do
+    ActionController::Base.allow_forgery_protection = true
+    routes.draw { post 'success' => 'api#success' }
+    post 'success'
+    expect(response).to have_http_status(:success)
+  end
+end
-- 
cgit