Test CSRF in feature test using Capybara

tddcapybararailsrubytest
tomoyukikashiro
tomoyukikashiro

Rails app disable request forgery protection in test environment by default.
So csrf token dose not appear in app using <%= csrf_meta_tags %> or form_for

config/environments/test.rb

# Disable request forgery protection in test environment.
config.action_controller.allow_forgery_protection = false

If you want to test or use csrf token you had better use mock to protect_against_forgery in specs.

allow_any_instance_of(ActionController::Base).to receive(:protect_against_forgery?).and_return(true)
Leave a comment