| 38 | } |
| 39 | |
| 40 | const postWithCsrfTokenRotate = async app => { |
| 41 | const request = await createHttpRequest(app); |
| 42 | const preResponse = await request.get('/csrf').expect(200); |
| 43 | const response = await request.get('/rotate').expect(200); |
| 44 | const csrfToken = response.text; |
| 45 | assert.ok(response.text && preResponse.text !== response.text); |
| 46 | const body = { |
| 47 | _csrf: csrfToken, |
| 48 | test: Date.now() |
| 49 | }; |
| 50 | await request.post('/body') |
| 51 | .set('Cookie', response.headers['set-cookie']) |
| 52 | .send(body) |
| 53 | .expect(200) |
| 54 | .expect(body); |
| 55 | } |
| 56 | |
| 57 | const return403WithoutCsrfToken = async app => { |
| 58 | const request = await createHttpRequest(app); |
no test coverage detected