Sha256: b50bd3b0ba51a3ffa9e5a390a789e2723b9781f1a218bc8bc902faee917fdbb9
Contents?: true
Size: 1.1 KB
Versions: 69
Compression:
Stored size: 1.1 KB
Contents
require File.expand_path('../spec_helper.rb', __FILE__)
describe Rack::Protection::AuthenticityToken do
it_behaves_like "any rack application"
it "denies post requests without any token" do
post('/').should_not be_ok
end
it "accepts post requests with correct X-CSRF-Token header" do
post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a")
last_response.should be_ok
end
it "denies post requests with wrong X-CSRF-Token header" do
post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b")
last_response.should_not be_ok
end
it "accepts post form requests with correct authenticity_token field" do
post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "a"})
last_response.should be_ok
end
it "denies post form requests with wrong authenticity_token field" do
post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "b"})
last_response.should_not be_ok
end
it "prevents ajax requests without a valid token" do
post('/', {}, "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest").should_not be_ok
end
end
Version data entries
69 entries across 67 versions & 5 rubygems