From d96d252df30dc64664c0c27f2d8ebfdd8aba3fb6 Mon Sep 17 00:00:00 2001
From: Pete Matsyburka <pete@docuseal.com>
Date: Mon, 27 Apr 2026 12:13:53 +0300
Subject: [PATCH] use post for test mode

---
 app/controllers/testing_accounts_controller.rb | 2 +-
 app/views/shared/_navbar.html.erb              | 2 +-
 app/views/shared/_settings_nav.html.erb        | 2 +-
 app/views/shared/_test_mode_toggle.html.erb    | 2 +-
 config/routes.rb                               | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/controllers/testing_accounts_controller.rb b/app/controllers/testing_accounts_controller.rb
index 6c6cf3d1..44274eef 100644
--- a/app/controllers/testing_accounts_controller.rb
+++ b/app/controllers/testing_accounts_controller.rb
@@ -3,7 +3,7 @@
 class TestingAccountsController < ApplicationController
   skip_authorization_check only: :destroy
 
-  def show
+  def create
     authorize!(:manage, current_account)
     authorize!(:manage, current_user)
 
diff --git a/app/views/shared/_navbar.html.erb b/app/views/shared/_navbar.html.erb
index 6d66674c..c647dc27 100644
--- a/app/views/shared/_navbar.html.erb
+++ b/app/views/shared/_navbar.html.erb
@@ -59,7 +59,7 @@
             </li>
           <% end %>
           <% if (can?(:manage, EncryptedConfig) && current_user == true_user) || (current_user != true_user && current_account.testing?) %>
-            <%= form_for '', url: testing_account_path, method: current_account.testing? ? :delete : :get, html: { class: 'w-full py-1' } do |f| %>
+            <%= form_for '', url: testing_account_path, method: current_account.testing? ? :delete : :post, html: { class: 'w-full py-1' } do |f| %>
               <label class="flex items-center pl-6 pr-4 py-2 border-y border-base-300 -ml-2 -mr-2" for="testing_toggle">
                 <submit-form data-on="change" class="flex">
                   <%= f.check_box :testing_toggle, class: 'toggle', checked: current_account.testing?, style: 'height: 0.885rem; width: 1.35rem; --handleoffset: 0.395rem; margin-left: -2px; margin-right: 8px' %>
diff --git a/app/views/shared/_settings_nav.html.erb b/app/views/shared/_settings_nav.html.erb
index 5edf8270..147b1c31 100644
--- a/app/views/shared/_settings_nav.html.erb
+++ b/app/views/shared/_settings_nav.html.erb
@@ -97,7 +97,7 @@
         <% end %>
         <%= render 'shared/settings_nav_extra2' %>
         <% if (can?(:manage, EncryptedConfig) && current_user == true_user) || (current_user != true_user && current_account.testing?) %>
-          <%= form_for '', url: testing_account_path, method: current_account.testing? ? :delete : :get, html: { class: 'w-full' } do |f| %>
+          <%= form_for '', url: testing_account_path, method: current_account.testing? ? :delete : :post, html: { class: 'w-full' } do |f| %>
             <li>
               <label class="flex items-center text-base hover:bg-base-300 w-full justify-between" for="testing_toggle">
                 <span class="mr-2 w-full">
diff --git a/app/views/shared/_test_mode_toggle.html.erb b/app/views/shared/_test_mode_toggle.html.erb
index f74dd1ce..2e454b63 100644
--- a/app/views/shared/_test_mode_toggle.html.erb
+++ b/app/views/shared/_test_mode_toggle.html.erb
@@ -1,5 +1,5 @@
 <% if can?(:manage, EncryptedConfig) || (current_user != true_user && current_account.testing?) %>
-  <%= form_for '', url: testing_account_path, method: current_account.testing? ? :delete : :get, html: { class: 'flex' } do |f| %>
+  <%= form_for '', url: testing_account_path, method: current_account.testing? ? :delete : :post, html: { class: 'flex' } do |f| %>
     <label class="flex items-center justify-between" for="testing_toggle">
       <span class="mr-2 text-lg">
         <%= t('test_mode') %>
diff --git a/config/routes.rb b/config/routes.rb
index 60afd92b..6b569394 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -77,7 +77,7 @@ Rails.application.routes.draw do
   resources :console_redirect, only: %i[index]
   resources :upgrade, only: %i[index], controller: 'console_redirect'
   resources :manage, only: %i[index], controller: 'console_redirect'
-  resource :testing_account, only: %i[show destroy]
+  resource :testing_account, only: %i[create destroy]
   resources :testing_api_settings, only: %i[index]
   resources :submitters_autocomplete, only: %i[index]
   resources :submitters_resubmit, only: %i[update]