I'm simulating a request coming from an external service, which will not have an authenticity token. I want the test to fail if skip_before_action :verify_authenticity_token is missing.
How do I do this from an Rspec request spec?
Currently I'm using post as below, but it is happily accepted.
post endpoint, my_json_string, {'CONTENT_TYPE' => "application/json"}
CSRF protection disabled in test environment. Try to enable it use:
before do
ActionController::Base.allow_forgery_protection = true
end
after do
ActionController::Base.allow_forgery_protection = false
end