Test_CSRF_TrustedOrigins() — fiber Function Reference
Architecture documentation for the Test_CSRF_TrustedOrigins() function in csrf_test.go from the fiber codebase.
Entity Profile
Dependency Diagram
graph TD e411ca63_8c20_3c62_0bea_7b30855223d0["Test_CSRF_TrustedOrigins()"] 306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"] e411ca63_8c20_3c62_0bea_7b30855223d0 -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea c0e56540_33d3_bca9_1b08_7be0c1c5a7cb["newTrustedApp()"] e411ca63_8c20_3c62_0bea_7b30855223d0 -->|calls| c0e56540_33d3_bca9_1b08_7be0c1c5a7cb bb323ee5_6f3e_2587_e39a_a230309b88c4["newTrustedRequestCtx()"] e411ca63_8c20_3c62_0bea_7b30855223d0 -->|calls| bb323ee5_6f3e_2587_e39a_a230309b88c4 style e411ca63_8c20_3c62_0bea_7b30855223d0 fill:#6366f1,stroke:#818cf8,color:#fff
Relationship Graph
Source Code
middleware/csrf/csrf_test.go lines 1184–1339
func Test_CSRF_TrustedOrigins(t *testing.T) {
t.Parallel()
app := newTrustedApp()
app.Use(New(Config{
CookieSecure: true,
TrustedOrigins: []string{
"http://safe.example.com",
"https://safe.example.com",
"http://*.domain-1.com",
"https://*.domain-1.com",
},
}))
app.Post("/", func(c fiber.Ctx) error {
return c.SendStatus(fiber.StatusOK)
})
h := app.Handler()
ctx := newTrustedRequestCtx()
ctx.Request.Header.SetMethod(fiber.MethodGet)
ctx.Request.Header.Set(fiber.HeaderXForwardedProto, "https")
h(ctx)
token := string(ctx.Response.Header.Peek(fiber.HeaderSetCookie))
token = strings.Split(strings.Split(token, ";")[0], "=")[1]
// Test Trusted Origin
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.URI().SetScheme("http")
ctx.Request.URI().SetHost("example.com")
ctx.Request.Header.SetProtocol("http")
ctx.Request.Header.SetHost("example.com")
ctx.Request.Header.Set(fiber.HeaderOrigin, "http://safe.example.com")
ctx.Request.Header.Set(HeaderName, token)
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 200, ctx.Response.StatusCode())
// Test Trusted Origin Subdomain
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.URI().SetScheme("http")
ctx.Request.URI().SetHost("domain-1.com")
ctx.Request.Header.SetProtocol("http")
ctx.Request.Header.SetHost("domain-1.com")
ctx.Request.Header.Set(fiber.HeaderOrigin, "http://safe.domain-1.com")
ctx.Request.Header.Set(HeaderName, token)
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 200, ctx.Response.StatusCode())
// Test Trusted Origin deeply nested subdomain
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.URI().SetScheme("https")
ctx.Request.URI().SetHost("a.b.c.domain-1.com")
ctx.Request.Header.SetProtocol("https")
ctx.Request.Header.SetHost("a.b.c.domain-1.com")
ctx.Request.Header.Set(fiber.HeaderOrigin, "https://a.b.c.domain-1.com")
ctx.Request.Header.Set(HeaderName, token)
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 200, ctx.Response.StatusCode())
// Test Trusted Origin Invalid
ctx.Request.Reset()
ctx.Response.Reset()
ctx.Request.Header.SetMethod(fiber.MethodPost)
ctx.Request.URI().SetScheme("http")
ctx.Request.URI().SetHost("domain-1.com")
ctx.Request.Header.SetProtocol("http")
ctx.Request.Header.SetHost("domain-1.com")
ctx.Request.Header.Set(fiber.HeaderOrigin, "http://evildomain-1.com")
ctx.Request.Header.Set(HeaderName, token)
ctx.Request.Header.SetCookie(ConfigDefault.CookieName, token)
h(ctx)
require.Equal(t, 403, ctx.Response.StatusCode())Domain
Subdomains
Defined In
Source
Frequently Asked Questions
What does Test_CSRF_TrustedOrigins() do?
Test_CSRF_TrustedOrigins() is a function in the fiber codebase, defined in middleware/csrf/csrf_test.go.
Where is Test_CSRF_TrustedOrigins() defined?
Test_CSRF_TrustedOrigins() is defined in middleware/csrf/csrf_test.go at line 1184.
What does Test_CSRF_TrustedOrigins() call?
Test_CSRF_TrustedOrigins() calls 2 function(s): newTrustedApp, newTrustedRequestCtx.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free