How to force and test POST vs GET methods for dangerous actions in Rails

Post by Peter Cooper

Permanent Link | book mark How to force and test POST vs GET methods for dangerous actions in Rails in del.icio.us

mly from caboo.se looks at how to quickly protect certain controller actions from GET requests in Rails, and presents a couple of useful test helpers to make testing for POST vs GET compliance simple. His code lets you then do a simple test like so:

def test_update__with_get
  assert_method_not_allowed(:update, {:good => :post, :bad => :get})
end

This test ensures that 'update' will only accept a POST request and not a GET.

This entry was posted on Sunday, June 18th, 2006 at 1:31 pm and is filed under Elsewhere, Ruby on Rails. Responses are currently closed, but you can trackback from your own site.

Comments are closed.

07/20	Automate Your Rails Deployment
07/20	EditorKicker 0.1.0 released
07/19	Recurring billing with Authorize.net
07/19	Rails + Gettext Crash Course
07/19	We ain't got no RSpec - Best Voicemail ..
07/19	Scripting support with Axis2
07/18	Rails for PHP Developers: Function Refe..
07/18	Is Twitter Responsible For Rail’s Ima..
07/18	Schema.rb
07/18	Rails TakeFive interview with Ryan Bate..

How to force and test POST vs GET methods for dangerous actions in Rails

Latest Ruby Links

Ruby Heroes Sayeth..

Sponsors

Recent Jobs

Ruby Resources

Rails Resources

Choice Blogs

Supporters

Categories

Archives

Subscribe via e-mail

Subscribe to RSS Feed