refactor: move CSRF code into plugin (#56447)

Oliver Eyton-Williams
2024-10-04 14:56:04 +02:00
committed by GitHub
parent 86527f448c
commit ced457fed5
8 changed files with 167 additions and 104 deletions


@@ -1,5 +1,5 @@
import { setupServer, superRequest } from '../jest.utils';
import { HOME_LOCATION, COOKIE_DOMAIN } from './utils/env';
import { HOME_LOCATION } from './utils/env';
jest.mock('./utils/env', () => {
// eslint-disable-next-line @typescript-eslint/no-unsafe-return
@@ -12,26 +12,6 @@ jest.mock('./utils/env', () => {
describe('server', () => {
setupServer();
describe('CSRF protection', () => {
it('should receive a new CSRF token with the expected properties', async () => {
const response = await superRequest('/status/ping', { method: 'GET' });
const newCookies = response.get('Set-Cookie');
const csrfTokenCookie = newCookies.find(cookie =>
cookie.includes('csrf_token')
);
expect(csrfTokenCookie).toEqual(
expect.stringContaining('SameSite=Strict')
);
expect(csrfTokenCookie).toEqual(
expect.stringContaining(`Domain=${COOKIE_DOMAIN}`)
);
expect(csrfTokenCookie).toEqual(expect.stringContaining('Path=/'));
// Since we're not mocking FREECODECAMP_NODE_ENV to production, there's no
// point checking if it is secure (it won't be in testing).
});
});
describe('GET /', () => {
test('should have OWASP recommended headers', async () => {
const res = await superRequest('/', { method: 'GET' });