Kharec/goyco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test: verify CSRF rejects requests with only cookie token

Browse Source
This commit is contained in:
Sandro CURY CAZZANIGA
2025-12-26 17:28:58 +01:00
parent 0802b9dd9d
commit fc23cbd6fd
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
internal/middleware/csrf_test.go
View File

@@ -94,6 +94,23 @@ func TestCSRFTokenValidationMissingCookie(t *testing.T) {
} }
} }
func TestCSRFTokenValidationOnlyCookie(t *testing.T) {
token, err := CSRFToken()
if err != nil {
t.Fatalf("Failed to generate CSRF token: %v", err)
}
request := httptest.NewRequest("POST", "/test", nil)
request.AddCookie(&http.Cookie{
Name: CSRFTokenCookieName,
Value: token,
})
if ValidateCSRFToken(request) {
t.Error("Request with only cookie (no form/header token) should fail validation")
}
}
func TestCSRFTokenValidationHeader(t *testing.T) { func TestCSRFTokenValidationHeader(t *testing.T) {
token, err := CSRFToken() token, err := CSRFToken()
if err != nil { if err != nil {