mly from caboo.se looks at how to quickly protect certain controller actions from GET requests in Rails, and presents a couple of useful test helpers to make testing for POST vs GET compliance simple. His code lets you then do a simple test like so:

def test_update__with_get
  assert_method_not_allowed(:update, {:good => :post, :bad => :get})
end

This test ensures that 'update' will only accept a POST request and not a GET.