fiber Architecture Docs
Home / Function/ Test_CSRF_UnsafeHeaderValue() — fiber Function Reference

Test_CSRF_UnsafeHeaderValue() — fiber Function Reference

Architecture documentation for the Test_CSRF_UnsafeHeaderValue() function in csrf_test.go from the fiber codebase.

Function go FiberMiddleware Security

Entity Profile

Dependency Diagram

graph TD
  84f23f48_228b_288f_dfbc_35534b704575["Test_CSRF_UnsafeHeaderValue()"]
  306a0c68_f5a5_b368_f37a_1419425a8fea["csrf_test.go"]
  84f23f48_228b_288f_dfbc_35534b704575 -->|defined in| 306a0c68_f5a5_b368_f37a_1419425a8fea
  style 84f23f48_228b_288f_dfbc_35534b704575 fill:#6366f1,stroke:#818cf8,color:#fff

Relationship Graph

Source Code

middleware/csrf/csrf_test.go lines 1788–1853

func Test_CSRF_UnsafeHeaderValue(t *testing.T) {
	t.Parallel()
	app := fiber.New()

	app.Use(New())
	app.Get("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})
	app.Get("/test", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})
	app.Post("/", func(c fiber.Ctx) error {
		return c.SendStatus(fiber.StatusOK)
	})

	resp, err := app.Test(httptest.NewRequest(fiber.MethodGet, "/", http.NoBody))
	require.NoError(t, err)
	require.Equal(t, fiber.StatusOK, resp.StatusCode)

	var token string
	for _, c := range resp.Cookies() {
		if c.Name != ConfigDefault.CookieName {
			continue
		}
		token = c.Value
		break
	}

	t.Log("token", token)

	getReq := httptest.NewRequest(fiber.MethodGet, "/", http.NoBody)
	getReq.Header.Set(HeaderName, token)
	resp, err = app.Test(getReq)
	require.NoError(t, err)
	require.Equal(t, fiber.StatusOK, resp.StatusCode)

	getReq = httptest.NewRequest(fiber.MethodGet, "/test", http.NoBody)
	getReq.Header.Set("X-Requested-With", "XMLHttpRequest")
	getReq.Header.Set(fiber.HeaderCacheControl, "no")
	getReq.Header.Set(HeaderName, token)
	getReq.AddCookie(&http.Cookie{
		Name:  ConfigDefault.CookieName,
		Value: token,
	})

	resp, err = app.Test(getReq)
	require.NoError(t, err)
	require.Equal(t, fiber.StatusOK, resp.StatusCode)

	getReq.Header.Set(fiber.HeaderAccept, "*/*")
	getReq.Header.Del(HeaderName)
	resp, err = app.Test(getReq)
	require.NoError(t, err)
	require.Equal(t, fiber.StatusOK, resp.StatusCode)

	postReq := httptest.NewRequest(fiber.MethodPost, "/", http.NoBody)
	postReq.Header.Set("X-Requested-With", "XMLHttpRequest")
	postReq.Header.Set(HeaderName, token)
	postReq.AddCookie(&http.Cookie{
		Name:  ConfigDefault.CookieName,
		Value: token,
	})
	resp, err = app.Test(postReq)
	require.NoError(t, err)
	require.Equal(t, fiber.StatusOK, resp.StatusCode)
}

Domain

Subdomains

Defined In

Source

Frequently Asked Questions

What does Test_CSRF_UnsafeHeaderValue() do?
Test_CSRF_UnsafeHeaderValue() is a function in the fiber codebase, defined in middleware/csrf/csrf_test.go.
Where is Test_CSRF_UnsafeHeaderValue() defined?
Test_CSRF_UnsafeHeaderValue() is defined in middleware/csrf/csrf_test.go at line 1788.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free