I'm setting up a Paypal IPN listener and need the create action to not use rails' default CSRF protection.
I've got that working fine & test it actually works with cucumber (where I've turned CSRF back on, since it's full-stack testing) but would like my controller spec to mention the need for protect_from_forgery :except => [:create] (and fail when it's not set). I've not had any luck with telling the controller or ActionController::Base to use forgery protection in the spec and am a bit stuck. Has anyone done this before, or do any of these look possible: * reload the rails app for part of the spec, using a different rails initializer (i.e. without config.action_controller.allow_forgery_protection = false as in environments/test.rb) * tell the controller to use forgery protection despite it being turned off in the rails test environment config (haven't had any luck with this so far). * have some specs split off from the main specs which run in a different rails environment, e.g. test-with-csrf rather than test. versions: rails 2.3.8, rspec 1.3.0, rspec-rails 1.3.2 Any help or pointers to old topics would be greatly appreciated, google made this look a bit unexplored beyond "rails fixes csrf by default, turn off in tests". Cheers Nick _______________________________________________ rspec-users mailing list rspec-users@rubyforge.org http://rubyforge.org/mailman/listinfo/rspec-users
