Leverage security definitions for headers in example requests

test-app/app/controllers/application_controller.rb

@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :null_session
 
   wrap_parameters format: [ :json ]
 end

test-app/app/controllers/auth_tests_controller.rb

@@ -0,0 +1,13 @@
+class AuthTestsController < ApplicationController
+  wrap_parameters Blog
+  respond_to :json
+
+  # POST /auth-tests/basic
+  def basic
+    if authenticate_with_http_basic { |u, p| u == 'jsmith' && p == 'jspass' }
+      head :no_content
+    else
+      request_http_basic_authentication
+    end
+  end
+end