I'm building an API for my Rails app and would like to protect it from CSRF attacks, using protect_from_forgery. I'm writing request specs for the ApiController, and would like to write specs for the response I get when the CSRF in the request is invalid. My question is how do I stub the behavior of protect_from_forgery to mimic an invalid CSRF token?
allow(ApiController).to receive(:protect_from_forgery).and_return(false)