Added a test that shows that a HEAD request does not normally pass CSRF protection

author: Michiel Sikkes <michiel.sikkes@gmail.com> 2013-01-22 21:05:22 +0100
committer: Michiel Sikkes <michiel.sikkes@gmail.com> 2013-01-22 21:05:22 +0100
commit: 64245e02e359cb9cf65bfcae2e2f5bebb00f47bf (patch)
tree: cef0a9fc5f54f82b4efa462a7d7faf96473de1c1 /actionpack/test/controller/request_forgery_protection_test.rb
parent: 5f412956cf55c48996b67d1a6b0d621504a677ba (diff)
download: rails-64245e02e359cb9cf65bfcae2e2f5bebb00f47bf.tar.gz
rails-64245e02e359cb9cf65bfcae2e2f5bebb00f47bf.tar.bz2
rails-64245e02e359cb9cf65bfcae2e2f5bebb00f47bf.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 523a8d0572..7571192f97 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -170,6 +170,10 @@ module RequestForgeryProtectionTests
     assert_not_blocked { get :index }
   end
 
+  def test_should_allow_head
+    assert_not_blocked { head :index }
+  end
+
   def test_should_allow_post_without_token_on_unsafe_action
     assert_not_blocked { post :unsafe }
   end
author	Michiel Sikkes <michiel.sikkes@gmail.com>	2013-01-22 21:05:22 +0100
committer	Michiel Sikkes <michiel.sikkes@gmail.com>	2013-01-22 21:05:22 +0100
commit	64245e02e359cb9cf65bfcae2e2f5bebb00f47bf (patch)
tree	cef0a9fc5f54f82b4efa462a7d7faf96473de1c1 /actionpack/test/controller/request_forgery_protection_test.rb
parent	5f412956cf55c48996b67d1a6b0d621504a677ba (diff)
download	rails-64245e02e359cb9cf65bfcae2e2f5bebb00f47bf.tar.gz rails-64245e02e359cb9cf65bfcae2e2f5bebb00f47bf.tar.bz2 rails-64245e02e359cb9cf65bfcae2e2f5bebb00f47bf.zip