(t *testing.T)
| 525 | } |
| 526 | |
| 527 | func TestCSRFConfig_checkSecFetchSiteRequest(t *testing.T) { |
| 528 | var testCases = []struct { |
| 529 | name string |
| 530 | givenConfig CSRFConfig |
| 531 | whenMethod string |
| 532 | whenSecFetchSite string |
| 533 | whenOrigin string |
| 534 | expectAllow bool |
| 535 | expectErr string |
| 536 | }{ |
| 537 | { |
| 538 | name: "ok, unsafe POST, no SecFetchSite is not blocked", |
| 539 | givenConfig: CSRFConfig{}, |
| 540 | whenMethod: http.MethodPost, |
| 541 | whenSecFetchSite: "", |
| 542 | expectAllow: false, // should fall back to token CSRF |
| 543 | }, |
| 544 | { |
| 545 | name: "ok, safe GET + same-origin passes", |
| 546 | givenConfig: CSRFConfig{}, |
| 547 | whenMethod: http.MethodGet, |
| 548 | whenSecFetchSite: "same-origin", |
| 549 | expectAllow: true, |
| 550 | }, |
| 551 | { |
| 552 | name: "ok, safe GET + none passes", |
| 553 | givenConfig: CSRFConfig{}, |
| 554 | whenMethod: http.MethodGet, |
| 555 | whenSecFetchSite: "none", |
| 556 | expectAllow: true, |
| 557 | }, |
| 558 | { |
| 559 | name: "ok, safe GET + same-site passes", |
| 560 | givenConfig: CSRFConfig{}, |
| 561 | whenMethod: http.MethodGet, |
| 562 | whenSecFetchSite: "same-site", |
| 563 | expectAllow: true, |
| 564 | }, |
| 565 | { |
| 566 | name: "ok, safe GET + cross-site passes", |
| 567 | givenConfig: CSRFConfig{}, |
| 568 | whenMethod: http.MethodGet, |
| 569 | whenSecFetchSite: "cross-site", |
| 570 | expectAllow: true, |
| 571 | }, |
| 572 | { |
| 573 | name: "nok, unsafe POST + cross-site is blocked", |
| 574 | givenConfig: CSRFConfig{}, |
| 575 | whenMethod: http.MethodPost, |
| 576 | whenSecFetchSite: "cross-site", |
| 577 | expectAllow: false, |
| 578 | expectErr: `code=403, message=cross-site request blocked by CSRF`, |
| 579 | }, |
| 580 | { |
| 581 | name: "nok, unsafe POST + same-site is blocked", |
| 582 | givenConfig: CSRFConfig{}, |
| 583 | whenMethod: http.MethodPost, |
| 584 | whenSecFetchSite: "same-site", |