azrosen92
Reputation: 9117
Stubbing protect_from_forgery in rspec for API specs
I'm building an api for my Rails app and would like to protect it from CSRF attacks, using protect_from_forgery. I'm writing request specs for the ApiController, and would like to write specs for the response I get when the CSRF in the request is invalid. My question is how do I stub the behavior of protect_from_forgery to mimic an invalid CSRF token?
Upvotes: 2
Views: 1625
Answers (1)
Jonas Meinerz
Reputation: 622
allow(ApiController).to receive(:protect_from_forgery).and_return(false)
Upvotes: 3
Related Questions
- What's the difference between faking, mocking, and stubbing?
- When to use RSpec let()?
- Can Mockito stub a method without regard to the argument?
- Stubbing Devise in rSpec and Rails3
- Controller Specs vs Request Specs?
- Any way to debug RSpec request specs?
- Correct use of protect_from_forgery in Rails app serving Web and API
- Rails 4 skipping protect_from_forgery for API actions
- stubbing templates in RSpec functional tests