csrf-protection.test.js — astro Source File

Architecture documentation for csrf-protection.test.js, a javascript file in the astro codebase. 5 imports, 0 dependents.

File javascript IntegrationAdapters 5 imports

Entity Profile

IntegrationAdapters→ csrf-protection.test.js — astro Source File

Dependency Diagram

graph LR
  17f72672_4ef2_7a1f_4a0d_7cb7135933e4["csrf-protection.test.js"]
  be670a78_841c_46e5_0af5_c5c328869ecb["test-adapter.js"]
  17f72672_4ef2_7a1f_4a0d_7cb7135933e4 --> be670a78_841c_46e5_0af5_c5c328869ecb
  0a624eac_945e_c9e8_c9de_3feb9de2dd15["test-utils.js"]
  17f72672_4ef2_7a1f_4a0d_7cb7135933e4 --> 0a624eac_945e_c9e8_c9de_3feb9de2dd15
  dd4f09ce_3fd7_8295_f616_8876cda4555c["loadFixture"]
  17f72672_4ef2_7a1f_4a0d_7cb7135933e4 --> dd4f09ce_3fd7_8295_f616_8876cda4555c
  e1e2fac7_5a95_7a88_cb1e_0a3b91c4e607["strict"]
  17f72672_4ef2_7a1f_4a0d_7cb7135933e4 --> e1e2fac7_5a95_7a88_cb1e_0a3b91c4e607
  6b0635f9_51ea_77aa_767b_7857878e98a6["node:test"]
  17f72672_4ef2_7a1f_4a0d_7cb7135933e4 --> 6b0635f9_51ea_77aa_767b_7857878e98a6
  style 17f72672_4ef2_7a1f_4a0d_7cb7135933e4 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

import assert from 'node:assert/strict';
import { before, describe, it } from 'node:test';
import testAdapter from './test-adapter.js';
import { loadFixture } from './test-utils.js';

describe('CSRF origin check', () => {
	let app;

	before(async () => {
		const fixture = await loadFixture({
			root: './fixtures/csrf-check-origin/',
			adapter: testAdapter(),
		});
		await fixture.build();
		app = await fixture.loadTestAdapterApp();
	});

	it("return 403 when the origin doesn't match and calling a POST", async () => {
		let request;
		let response;
		request = new Request('http://example.com/api/', {
			headers: { origin: 'http://loreum.com', 'content-type': 'multipart/form-data' },
			method: 'POST',
		});
		response = await app.render(request);
		assert.equal(response.status, 403);

		// case where content-type has different casing
		request = new Request('http://example.com/api/', {
			headers: { origin: 'http://loreum.com', 'content-type': 'MULTIPART/FORM-DATA' },
			method: 'POST',
		});
		response = await app.render(request);
		assert.equal(response.status, 403);

		request = new Request('http://example.com/api/', {
			headers: { origin: 'http://loreum.com', 'content-type': 'application/x-www-form-urlencoded' },
			method: 'POST',
		});
		response = await app.render(request);
		assert.equal(response.status, 403);

		request = new Request('http://example.com/api/', {
			headers: { origin: 'http://loreum.com', 'content-type': 'text/plain' },
			method: 'POST',
		});
		response = await app.render(request);
		assert.equal(response.status, 403);

		request = new Request('http://example.com/api/', {
			headers: {
				origin: 'http://loreum.com',
				'content-type': 'application/x-www-form-urlencoded; some-other-value',
			},
			method: 'POST',
		});
		response = await app.render(request);
		assert.equal(response.status, 403);

		request = new Request('http://example.com/api/', {
// ... (206 more lines)

Domain

IntegrationAdapters

Dependencies

Source

View on GitHub

Frequently Asked Questions

What does csrf-protection.test.js do?

csrf-protection.test.js is a source file in the astro codebase, written in javascript. It belongs to the IntegrationAdapters domain.

What does csrf-protection.test.js depend on?

csrf-protection.test.js imports 5 module(s): loadFixture, node:test, strict, test-adapter.js, test-utils.js.

Where is csrf-protection.test.js in the architecture?

csrf-protection.test.js is located at packages/astro/test/csrf-protection.test.js (domain: IntegrationAdapters, directory: packages/astro/test).

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free