0

I want to test that a PUT to an endpoint (products/:id) works, but when I try

curl -X PUT -d listing_id_created=True localhost:3000/products/27

it gives ActionController::InvalidAuthenticityToken, which I now realise is the expected result (since there's no authenticity token provided since the PUT is coming from curl and curl doesn't know anything about it).

So my question is how do I run some simple curl PUTs (or any other verbs) to check that endpoints work correctly? Is the only solution to simply disable/skip the authenticity token?

stevec
  • 41,291
  • 27
  • 223
  • 311
  • https://stackoverflow.com/a/39546794/2325924 – 7urkm3n Nov 16 '20 at 10:24
  • @7urkm3n does that mean it only protects from forgery if it's not a json response? Is that safe ? as in, couldn't a CSRF attack simply send json my way and mess up my database? – stevec Nov 16 '20 at 10:26
  • @7urkm3n I can confirm that the curl request now succeeds. I am still uncertain as to whether it's wise though? – stevec Nov 16 '20 at 10:41

0 Answers0