SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter
This commit is contained in:
@@ -64,6 +64,17 @@ public class HttpSessionCsrfTokenRepositoryTests {
|
||||
assertThat(token.getToken()).isNotEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void generateCustomHeader() {
|
||||
String headerName = "CSRF";
|
||||
repo.setHeaderName(headerName);
|
||||
|
||||
token = repo.generateToken(request);
|
||||
|
||||
assertThat(token.getHeaderName()).isEqualTo(headerName);
|
||||
assertThat(token.getToken()).isNotEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void loadTokenNull() {
|
||||
assertThat(repo.loadToken(request)).isNull();
|
||||
@@ -116,7 +127,7 @@ public class HttpSessionCsrfTokenRepositoryTests {
|
||||
public void saveTokenNullTokenWhenSessionNotExists() {
|
||||
|
||||
repo.saveToken(null, request, response);
|
||||
|
||||
|
||||
assertThat(request.getSession(false)).isNull();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user