kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Added a test that shows that a HEAD request does not normally pass CSRF protection

Browse source
This commit is contained in:
Michiel Sikkes 2013-01-22 21:05:22 +01:00
parent 5f412956cf
commit 64245e02e3
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
actionpack/test/controller/request_forgery_protection_test.rb
View file

@ -170,6 +170,10 @@ module RequestForgeryProtectionTests
assert_not_blocked { get :index }
end
def test_should_allow_head
assert_not_blocked { head :index }
end
def test_should_allow_post_without_token_on_unsafe_action
assert_not_blocked { post :unsafe }
end