Want to stay on top? Ruby Weekly is a once-weekly e-mail newsletter covering the latest Ruby and Rails news.
     Feed Icon

How to force and test POST vs GET methods for dangerous actions in Rails

By Peter Cooper / June 18, 2006

mly from caboo.se looks at how to quickly protect certain controller actions from GET requests in Rails, and presents a couple of useful test helpers to make testing for POST vs GET compliance simple. His code lets you then do a simple test like so:

def test_update__with_get
  assert_method_not_allowed(:update, {:good => :post, :bad => :get})
end

This test ensures that 'update' will only accept a POST request and not a GET.

Other Posts to Enjoy

Twitter Mentions