Add cookiePath to CookieCsrfTokenRepository
Allow the csrf cookie path to be set instead of inferred from the request context. Fixes gh-4062
This commit is contained in:
committed by
Rob Winch
parent
c75a5b7279
commit
6834467389
@@ -150,6 +150,45 @@ public class CookieCsrfTokenRepositoryTests {
|
||||
assertThat(tokenCookie.isHttpOnly()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveTokenCustomPath() {
|
||||
String customPath = "/custompath";
|
||||
this.repository.setCookiePath(customPath);
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
|
||||
Cookie tokenCookie = this.response
|
||||
.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
||||
assertThat(tokenCookie.getPath()).isEqualTo(this.repository.getCookiePath());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveTokenEmptyCustomPath() {
|
||||
String customPath = "";
|
||||
this.repository.setCookiePath(customPath);
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
|
||||
Cookie tokenCookie = this.response
|
||||
.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
||||
assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void saveTokenNullCustomPath() {
|
||||
String customPath = null;
|
||||
this.repository.setCookiePath(customPath);
|
||||
CsrfToken token = this.repository.generateToken(this.request);
|
||||
this.repository.saveToken(token, this.request, this.response);
|
||||
|
||||
Cookie tokenCookie = this.response
|
||||
.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
|
||||
|
||||
assertThat(tokenCookie.getPath()).isEqualTo(this.request.getContextPath());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadTokenNoCookiesNull() {
|
||||
assertThat(this.repository.loadToken(this.request)).isNull();
|
||||
|
||||
Reference in New Issue
Block a user