Test_CSRF_SecFetchSite() — fiber Function Reference
Architecture documentation for the Test_CSRF_SecFetchSite() function in csrf_test.go from the fiber codebase.
Dependency Diagram
graph TD
    4115123f_67ec_1961_ea31_613a0970cdce["Test_CSRF_SecFetchSite()"]
    306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"]
    4115123f_67ec_1961_ea31_613a0970cdce -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea
    c0e56540_33d3_bca9_1b08_7be0c1c5a7cb["newTrustedApp()"]
    4115123f_67ec_1961_ea31_613a0970cdce -->|calls| c0e56540_33d3_bca9_1b08_7be0c1c5a7cb
    bb323ee5_6f3e_2587_e39a_a230309b88c4["newTrustedRequestCtx()"]
    4115123f_67ec_1961_ea31_613a0970cdce -->|calls| bb323ee5_6f3e_2587_e39a_a230309b88c4
    style 4115123f_67ec_1961_ea31_613a0970cdce fill:#6366f1,stroke:#818cf8,color:#fff
Source Code
middleware/csrf/csrf_test.go lines 845–1019
func Test_CSRF_SecFetchSite(t *testing.T) {
	t.Parallel()

	errorHandler := func(c fiber.Ctx, err error) error {
		return c.Status(fiber.StatusForbidden).SendString(err.Error())
	}

	app := newTrustedApp()
	app.Use(New(Config{ErrorHandler: errorHandler}))
	app.All("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	h := app.Handler()
	ctx := newTrustedRequestCtx()

	// Issue a GET first and read the CSRF token from the Set-Cookie response header.
	ctx.Request.Header.SetMethod(fiber.MethodGet)
	ctx.Request.URI().SetScheme("http")
	ctx.Request.URI().SetHost("example.com")
	ctx.Request.Header.SetHost("example.com")
	h(ctx)
	token := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
	token = strings.Split(strings.Split(token, ";")[0], "=")[1]

	// Table of cases: each pairs a secFetchSite value with an origin and the expected status.
	tests := []struct {
		name                   string
		method                 string
		secFetchSite           string
		origin                 string
		expectedStatus         int16
		https                  bool
		expectFetchSiteInvalid bool
	}{
		{
			name:           "same-origin allowed",
			method:         fiber.MethodPost,
			secFetchSite:   "same-origin",
			origin:         "http://example.com",
			expectedStatus: http.StatusOK,
		},
		{
			name:           "none allowed",
			method:         fiber.MethodPost,
			secFetchSite:   "none",
			origin:         "http://example.com",
			expectedStatus: http.StatusOK,
		},
		{
			name:           "cross-site with origin allowed",
			method:         fiber.MethodPost,
			secFetchSite:   "cross-site",
			origin:         "http://example.com",
			expectedStatus: http.StatusOK,
		},
		{
			name:           "same-site with origin allowed",
			method:         fiber.MethodPost,
			secFetchSite:   "same-site",
			origin:         "http://example.com",
			expectedStatus: http.StatusOK,
		},
		{
			name:           "cross-site with mismatched origin blocked",
			method:         fiber.MethodPost,
			secFetchSite:   "cross-site",
			origin:         "https://attacker.example",
			expectedStatus: http.StatusForbidden,
		},
		{
			name:           "same-site with null origin blocked",
			method:         fiber.MethodPost,
			secFetchSite:   "same-site",
			origin:         "null",
			expectedStatus: http.StatusForbidden,
			https:          true,
		},
		{
			name:         "invalid header blocked",
			method:       fiber.MethodPost,
			secFetchSite: "weird",
Frequently Asked Questions
What does Test_CSRF_SecFetchSite() do?
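Test_CSRF_SecFetchSite() is a test function in the fiber codebase, defined in middleware/csrf/csrf_test.go. The portion of the source shown above sets up an app with the CSRF middleware, reads the token from the Set-Cookie header of a GET response, and defines table-driven POST cases that pair a secFetchSite value (same-origin, none, same-site, cross-site, or an invalid value) with an origin and an expected status of 200 OK or 403 Forbidden.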
Where is Test_CSRF_SecFetchSite() defined?
Test_CSRF_SecFetchSite() is defined in middleware/csrf/csrf_test.go at line 845.
What does Test_CSRF_SecFetchSite() call?
Test_CSRF_SecFetchSite() calls 2 functions: newTrustedApp() and newTrustedRequestCtx().