BUGFIX: missed a key rename

BUGFIX: API spec not enabling CSRF

lib/auth/default_current_user_provider.rb

@@ -78,7 +78,7 @@ class Auth::DefaultCurrentUserProvider
   # api has special rights return true if api was detected
   def is_api?
     current_user
-    @env[API_KEY]
+    @env[API_KEY_ENV]
   end
 
   def has_auth_cookie?

spec/controllers/application_controller_spec.rb

@@ -130,6 +130,15 @@ describe TopicsController do
 end
 
 describe 'api' do
+
+  before do
+    ActionController::Base.allow_forgery_protection = true
+  end
+
+  after do
+    ActionController::Base.allow_forgery_protection = false
+  end
+
   describe PostsController do
     let(:user) do
       Fabricate(:user)