go/echo
1
0
Fork 0
mirror of https://github.com/labstack/echo.git synced 2025-06-15 00:14:57 +02:00
Code Issues Releases Activity

Fix CSRF tests for Go 1.12

Browse Source
This commit is contained in:
Roland Lammel
2021-01-03 01:45:58 +01:00
parent 36f524ede8
commit c7c792d3bd
5 changed files with 36 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
middleware/csrf.go
View File

@ -110,7 +110,7 @@ func CSRFWithConfig(config CSRFConfig) echo.MiddlewareFunc {
if config.CookieMaxAge == 0 { if config.CookieMaxAge == 0 {
config.CookieMaxAge = DefaultCSRFConfig.CookieMaxAge config.CookieMaxAge = DefaultCSRFConfig.CookieMaxAge
} }
if config.CookieSameSite == http.SameSiteNoneMode { if config.CookieSameSite == SameSiteNoneMode {
config.CookieSecure = true config.CookieSecure = true
} }

2
middleware/csrf_samesite.go
View File

@ -1,4 +1,4 @@
// +build !go1.12 // +build go1.13
package middleware package middleware

2
middleware/csrf_samesite_1.12.go
View File

@ -1,4 +1,4 @@
// +build go1.12 // +build !go1.13
package middleware package middleware

33
middleware/csrf_samesite_test.go Normal file
View File

@ -0,0 +1,33 @@
// +build go1.13
package middleware
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/labstack/echo/v4"
"github.com/stretchr/testify/assert"
)
// Test for SameSiteModeNone moved to separate file for Go 1.12 support
func TestCSRFWithSameSiteModeNone(t *testing.T) {
e := echo.New()
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
csrf := CSRFWithConfig(CSRFConfig{
CookieSameSite: SameSiteNoneMode,
})
h := csrf(func(c echo.Context) error {
return c.String(http.StatusOK, "test")
})
r := h(c)
assert.NoError(t, r)
assert.Regexp(t, "SameSite=None", rec.Header()["Set-Cookie"])
assert.Regexp(t, "Secure", rec.Header()["Set-Cookie"])
}

20
middleware/csrf_test.go
View File

@ -138,23 +138,3 @@ func TestCSRFWithSameSiteDefaultMode(t *testing.T) {
fmt.Println(rec.Header()["Set-Cookie"]) fmt.Println(rec.Header()["Set-Cookie"])
assert.NotRegexp(t, "SameSite=", rec.Header()["Set-Cookie"]) assert.NotRegexp(t, "SameSite=", rec.Header()["Set-Cookie"])
} }
func TestCSRFWithSameSiteModeNone(t *testing.T) {
e := echo.New()
req := httptest.NewRequest(http.MethodGet, "/", nil)
rec := httptest.NewRecorder()
c := e.NewContext(req, rec)
csrf := CSRFWithConfig(CSRFConfig{
CookieSameSite: SameSiteNoneMode,
})
h := csrf(func(c echo.Context) error {
return c.String(http.StatusOK, "test")
})
r := h(c)
assert.NoError(t, r)
assert.Regexp(t, "SameSite=None", rec.Header()["Set-Cookie"])
assert.Regexp(t, "Secure", rec.Header()["Set-Cookie"])
}