Stubbing protect_from_forgery in rspec for API specs

I'm building an API for my Rails app and would like to protect it from CSRF attacks, using protect_from_forgery. I'm writing request specs for the ApiController, and would like to write specs for the response I get when the CSRF in the request is invalid. My question is: how do I stub the behavior of protect_from_forgery to mimic an invalid CSRF token?
1.5k views. Asked by azrosen92.