xsrf.spec.js
var cookies = require('../../lib/helpers/cookies');
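/**
 * Specs for how axios attaches the XSRF (anti-CSRF) token header.
 *
 * Each spec fires a request while jasmine.Ajax is installed and then inspects
 * the captured request's headers. The token is taken from the cookie named by
 * `axios.defaults.xsrfCookieName` and is expected under the header named by
 * `axios.defaults.xsrfHeaderName`.
 *
 * `axios` and `getAjaxRequest` are not defined in this file; they are
 * presumably globals supplied by the spec harness (verify against the setup
 * helpers).
 */
describe('xsrf', function () {
  beforeEach(function () {
    jasmine.Ajax.install();
  });

  afterEach(function () {
    // Expire the XSRF cookie (timestamp one day in the past) so a token written
    // by one spec cannot leak into the next and mask a missing-header failure.
    // toUTCString() replaces the deprecated toGMTString(); the output is the same.
    document.cookie = axios.defaults.xsrfCookieName + '=;expires=' + new Date(Date.now() - 86400000).toUTCString();
    jasmine.Ajax.uninstall();
  });

  // No cookie present: the header must be absent rather than empty or "null".
  it('should not set xsrf header if cookie is null', function (done) {
    axios('/foo');

    getAjaxRequest().then(function (request) {
      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
      done();
    });
  });

  // Relative URL with the cookie set: the cookie value is copied into the header.
  it('should set xsrf header if cookie is set', function (done) {
    document.cookie = axios.defaults.xsrfCookieName + '=12345';

    axios('/foo');

    getAjaxRequest().then(function (request) {
      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual('12345');
      done();
    });
  });

  // Per-request opt-out: with xsrfCookieName set to null the token is not sent
  // even though the cookie exists.
  it('should not set xsrf header if xsrfCookieName is null', function (done) {
    document.cookie = axios.defaults.xsrfCookieName + '=12345';

    axios('/foo', {
      xsrfCookieName: null
    });

    getAjaxRequest().then(function (request) {
      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
      done();
    });
  });

  // Stronger form of the opt-out: the cookie helper must not be called at all.
  // spyOn replaces cookies.read with a recording stub, so any call is visible.
  it('should not read cookies at all if xsrfCookieName is null', function (done) {
    spyOn(cookies, "read");

    axios('/foo', {
      xsrfCookieName: null
    });

    getAjaxRequest().then(function () {
      expect(cookies.read).not.toHaveBeenCalled();
      done();
    });
  });

  // Absolute URL on another host: the anti-CSRF token must stay out of the
  // request, otherwise the receiving host would learn it.
  // (Assumes the spec page itself is not served from example.com.)
  it('should not set xsrf header for cross origin', function (done) {
    document.cookie = axios.defaults.xsrfCookieName + '=12345';

    axios('http://example.com/');

    getAjaxRequest().then(function (request) {
      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual(undefined);
      done();
    });
  });

  // NOTE(review): this spec pins that `withCredentials: true` alone is enough
  // for the token to be attached to a request for a different origin. Any host
  // contacted that way receives the anti-CSRF token; confirm this is the
  // intended contract, or whether sending should require an explicit opt-in.
  it('should set xsrf header for cross origin when using withCredentials', function (done) {
    document.cookie = axios.defaults.xsrfCookieName + '=12345';

    axios('http://example.com/', {
      withCredentials: true
    });

    getAjaxRequest().then(function (request) {
      expect(request.withCredentials).toEqual(true);
      expect(request.requestHeaders[axios.defaults.xsrfHeaderName]).toEqual('12345');
      done();
    });
  });
});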