|
|
@@ -22,6 +22,7 @@ use Cake\Http\ServerRequest;
|
|
|
use Cake\TestSuite\TestCase;
|
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
|
use TestApp\Http\TestRequestHandler;
|
|
|
+use Zend\Diactoros\Response\RedirectResponse;
|
|
|
|
|
|
/**
|
|
|
* Test for CsrfProtection
|
|
|
@@ -120,6 +121,31 @@ class CsrfProtectionMiddlewareTest extends TestCase
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
+ * Test that the CSRF tokens are not set for redirect responses
|
|
|
+ *
|
|
|
+ * @return void
|
|
|
+ */
|
|
|
+ public function testRedirectResponseCookiesNotSet()
|
|
|
+ {
|
|
|
+ $request = new ServerRequest([
|
|
|
+ 'environment' => ['REQUEST_METHOD' => 'GET'],
|
|
|
+ ]);
|
|
|
+ $expectedResponse = new RedirectResponse('/');
|
|
|
+ $handler = new TestRequestHandler(function ($request) use ($expectedResponse) {
|
|
|
+
|
|
|
+ return $expectedResponse;
|
|
|
+ });
|
|
|
+
|
|
|
+ $middleware = $this->getMockBuilder(CsrfProtectionMiddleware::class)
|
|
|
+ ->onlyMethods(['_addTokenCookie'])
|
|
|
+ ->getMock();
|
|
|
+ $middleware->expects($this->never())
|
|
|
+ ->method('_addTokenCookie');
|
|
|
+ $response = $middleware->process($request, $handler);
|
|
|
+ $this->assertSame($expectedResponse, $response);
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
* Test that the X-CSRF-Token works with the various http methods.
|
|
|
*
|
|
|
* @dataProvider httpMethodProvider
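Review bot: The `never()` expectation on `_addTokenCookie` in `testRedirectResponseCookiesNotSet` ties the test to an underscore-prefixed internal helper of the class under test, so a later refactor of the cookie logic would break or hollow out the test without the guarded behaviour changing. The `assertSame($expectedResponse, $response)` line already pins the observable outcome, presumably because PSR-7 responses are immutable and attaching a cookie would produce a new instance; a comment above it would make that explicit, e.g. `// Same instance returned: the middleware added no token cookie to the redirect.` The handler closure also declares a `$request` parameter it never uses, shadowing the outer `$request`, and has a stray blank line before `return`; `function () use ($expectedResponse) {` is enough. The test covers only a GET with no existing token cookie, and the enclosing class starts outside this hunk, so whether a sibling test confirms non-redirect responses still receive the cookie cannot be seen from here.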
|