Sha256: eb6123cad4b28f17c4b487da37594072373e00c6168d9e2b9da509c9e13067f7
Contents?: true
Size: 1.09 KB
Versions: 139
Compression:
Stored size: 1.09 KB
Contents
require File.expand_path('../spec_helper.rb', __FILE__)
describe Rack::Protection::FormToken do
it_behaves_like "any rack application"
it "denies post requests without any token" do
post('/').should_not be_ok
end
it "accepts post requests with correct X-CSRF-Token header" do
post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "a")
last_response.should be_ok
end
it "denies post requests with wrong X-CSRF-Token header" do
post('/', {}, 'rack.session' => {:csrf => "a"}, 'HTTP_X_CSRF_TOKEN' => "b")
last_response.should_not be_ok
end
it "accepts post form requests with correct authenticity_token field" do
post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "a"})
last_response.should be_ok
end
it "denies post form requests with wrong authenticity_token field" do
post('/', {"authenticity_token" => "a"}, 'rack.session' => {:csrf => "b"})
last_response.should_not be_ok
end
it "accepts ajax requests without a valid token" do
post('/', {}, "HTTP_X_REQUESTED_WITH" => "XMLHttpRequest").should be_ok
end
end
Version data entries
139 entries across 134 versions & 23 rubygems