Refuse non-JSON queries on API

2015-05-01 17:47:06 +00:00 · 2015-05-01 17:47:06 +00:00 · 8e3955a97b
commit 8e3955a97b
parent 063376a285
2 changed files with 13 additions and 0 deletions
--- a/app/controllers/api/application_controller.rb
+++ b/app/controllers/api/application_controller.rb
@ -4,6 +4,7 @@ module API
    skip_before_filter :authenticate!, only: :cor_preflight

    before_filter :cor_filter
+    before_filter :json_filter!

    def cor_filter
      headers['Access-Control-Allow-Origin'] = request.headers['Origin'] ?
@ -28,5 +29,9 @@ module API
    def authenticate!
      head :unauthorized if current_user.nil?
    end
+
+    def json_filter!
+      head :not_acceptable if request.format != :json
+    end
  end
 end
--- a/spec/integration/api/application_spec.rb
+++ b/spec/integration/api/application_spec.rb
@ -10,4 +10,12 @@ describe 'API application' do
      expect(json).to eq(pong: 'ok')
    end
  end
+
+  describe 'formats handling' do
+    it 'responds with a 406 when request format is not JSON' do
+      get api_ping_path, format: :xml
+      expect(response.status).to be 406
+      expect(response.body).to be_empty
+    end
+  end
 end