diff --git a/core/lib/spree/testing_support/dummy_app.rb b/core/lib/spree/testing_support/dummy_app.rb
index 350317e5135..1bc385d8285 100644
--- a/core/lib/spree/testing_support/dummy_app.rb
+++ b/core/lib/spree/testing_support/dummy_app.rb
@@ -17,6 +17,7 @@
 
 # @private
 class ApplicationController < ActionController::Base
+  protect_from_forgery with: :exception
 end
 
 # @private
@@ -52,8 +53,8 @@ class Application < ::Rails::Application
     config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
     config.whiny_nils = true
     config.consider_all_requests_local = true
-    config.action_controller.allow_forgery_protection = true
-    config.action_controller.default_protect_from_forgery = true
+    config.action_controller.allow_forgery_protection = false
+    config.action_controller.default_protect_from_forgery = false
     config.action_controller.perform_caching = false
     config.action_dispatch.show_exceptions = false
     config.active_support.deprecation = :stderr