hub / github.com/labstack/echo / TestCSRFConfig_checkSecFetchSiteRequest

Function TestCSRFConfig_checkSecFetchSiteRequest

middleware/csrf_test.go:527–875  ·  view source on GitHub ↗
(t *testing.T)


525}
526
527func TestCSRFConfig_checkSecFetchSiteRequest(t *testing.T) {
528 var testCases = []struct {
529 name string
530 givenConfig CSRFConfig
531 whenMethod string
532 whenSecFetchSite string
533 whenOrigin string
534 expectAllow bool
535 expectErr string
536 }{
537 {
538 name: "ok, unsafe POST, no SecFetchSite is not blocked",
539 givenConfig: CSRFConfig{},
540 whenMethod: http.MethodPost,
541 whenSecFetchSite: "",
542 expectAllow: false, // should fall back to token CSRF
543 },
544 {
545 name: "ok, safe GET + same-origin passes",
546 givenConfig: CSRFConfig{},
547 whenMethod: http.MethodGet,
548 whenSecFetchSite: "same-origin",
549 expectAllow: true,
550 },
551 {
552 name: "ok, safe GET + none passes",
553 givenConfig: CSRFConfig{},
554 whenMethod: http.MethodGet,
555 whenSecFetchSite: "none",
556 expectAllow: true,
557 },
558 {
559 name: "ok, safe GET + same-site passes",
560 givenConfig: CSRFConfig{},
561 whenMethod: http.MethodGet,
562 whenSecFetchSite: "same-site",
563 expectAllow: true,
564 },
565 {
566 name: "ok, safe GET + cross-site passes",
567 givenConfig: CSRFConfig{},
568 whenMethod: http.MethodGet,
569 whenSecFetchSite: "cross-site",
570 expectAllow: true,
571 },
572 {
573 name: "nok, unsafe POST + cross-site is blocked",
574 givenConfig: CSRFConfig{},
575 whenMethod: http.MethodPost,
576 whenSecFetchSite: "cross-site",
577 expectAllow: false,
578 expectErr: `code=403, message=cross-site request blocked by CSRF`,
579 },
580 {
581 name: "nok, unsafe POST + same-site is blocked",
582 givenConfig: CSRFConfig{},
583 whenMethod: http.MethodPost,
584 whenSecFetchSite: "same-site",

Callers

nothing calls this directly

Calls 3

SetMethod · 0.80
NewContextMethod · 0.80

Tested by

no test coverage detected
