From 64245e02e359cb9cf65bfcae2e2f5bebb00f47bf Mon Sep 17 00:00:00 2001
From: Michiel Sikkes
Date: Tue, 22 Jan 2013 21:05:22 +0100
Subject: Added a test that shows that a HEAD request does not normally pass CSRF protection
---
 actionpack/test/controller/request_forgery_protection_test.rb | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'actionpack/test')
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 523a8d0572..7571192f97 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -170,6 +170,10 @@ module RequestForgeryProtectionTests
 assert_not_blocked { get :index }
 end
 
+ def test_should_allow_head
+ assert_not_blocked { head :index }
+ end
+
 def test_should_allow_post_without_token_on_unsafe_action
 assert_not_blocked { post :unsafe }
 end
-- 
cgit v1.2.3
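Review bot: `test_should_allow_head` asserts that HEAD is let through, but the subject line says HEAD does not currently pass CSRF protection and the diffstat shows only this test file changed, so the test presumably fails until the verification logic treats HEAD like GET. The commit message should say that the fix follows separately, or the two should land together so the suite is never left red. Exempting HEAD from the token check is sound only because HEAD must not change state, and a one-line comment above the test would record that, e.g. `# HEAD is a safe method like GET, so no authenticity token is required`. The enclosing module RequestForgeryProtectionTests starts and ends outside the hunk.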