Stubbing protect_from_forgery in rspec for API specs

1.5k views Asked by At

I'm building an api for my Rails app and would like to protect it from CSRF attacks, using protect_from_forgery. I'm writing request specs for the ApiController, and would like to write specs for the response I get when the CSRF in the request is invalid. My question is how do I stub the behavior of protect_from_forgery to mimic an invalid CSRF token?

1

There are 1 answers

0
Jonas Meinerz On BEST ANSWER
allow(ApiController).to receive(:protect_from_forgery).and_return(false)