Test_CSRF_Chain_Extractor() — fiber Function Reference
Architecture documentation for the Test_CSRF_Chain_Extractor() function in csrf_test.go from the fiber codebase.
Entity Profile
Dependency Diagram
graph TD de1ec2a7_0389_defb_edd6_28074951f6da["Test_CSRF_Chain_Extractor()"] 306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"] de1ec2a7_0389_defb_edd6_28074951f6da -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea style de1ec2a7_0389_defb_edd6_28074951f6da fill:#6366f1,stroke:#818cf8,color:#fff
Relationship Graph
Source Code
middleware/csrf/csrf_test.go lines 2077–2150
func Test_CSRF_Chain_Extractor(t *testing.T) {
t.Parallel()
app := fiber.New()
// Chain extractor: try header first, fall back to form
chainExtractor := extractors.Chain(
extractors.FromHeader("X-Csrf-Token"),
extractors.FromForm("_csrf"),
)
app.Use(New(Config{Extractor: chainExtractor}))
app.Post("/", func(c fiber.Ctx) error {
return c.SendStatus(fiber.StatusOK)
})
h := app.Handler()
ctx := &fasthttp.RequestCtx{}
// Generate CSRF token
ctx.Request.Header.SetMethod(fiber.MethodGet)
h(ctx)
token := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
token = strings.Split(strings.Split(token, ";")[0], "=")[1]
// Test 1: Token in header (first extractor should succeed)
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.Header.Set("X-Csrf-Token", token)
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 200, ctx.Response.StatusCode())
// Test 2: Token in form (fallback should succeed)
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.Header.Set(fiber.HeaderContentType, fiber.MIMEApplicationForm)
ctx.Request.SetBodyString("_csrf=" + token)
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 200, ctx.Response.StatusCode())
// Test 3: Token in both header and form (header should take precedence)
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.Header.Set(fiber.HeaderContentType, fiber.MIMEApplicationForm)
ctx.Request.Header.Set("X-Csrf-Token", token)
ctx.Request.SetBodyString("_csrf=wrong_token")
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 200, ctx.Response.StatusCode())
// Test 4: No token in either location
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.Header.Set(fiber.HeaderContentType, fiber.MIMEApplicationForm)
h(ctx)
require.Equal(t, 403, ctx.Response.StatusCode())
// Test 5: Wrong token in both locations
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.Header.Set(fiber.HeaderContentType, fiber.MIMEApplicationForm)
ctx.Request.Header.Set("X-Csrf-Token", "wrong_token")
ctx.Request.SetBodyString("_csrf=also_wrong")
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 403, ctx.Response.StatusCode())
}Domain
Subdomains
Defined In
Source
Frequently Asked Questions
What does Test_CSRF_Chain_Extractor() do?
Test_CSRF_Chain_Extractor() is a function in the fiber codebase, defined in middleware/csrf/csrf_test.go.
Where is Test_CSRF_Chain_Extractor() defined?
Test_CSRF_Chain_Extractor() is defined in middleware/csrf/csrf_test.go at line 2077.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free