SEC-2439: HttpSessionCsrfTokenRepository setHeaderName sets header instead of parameter

This commit is contained in:
Rob Winch
2013-12-13 15:36:30 -06:00
parent 4708287ad3
commit ca1080fb96
2 changed files with 18 additions and 6 deletions

View File

@@ -64,6 +64,17 @@ public class HttpSessionCsrfTokenRepositoryTests {
assertThat(token.getToken()).isNotEmpty();
}
@Test
public void generateCustomHeader() {
String headerName = "CSRF";
repo.setHeaderName(headerName);
token = repo.generateToken(request);
assertThat(token.getHeaderName()).isEqualTo(headerName);
assertThat(token.getToken()).isNotEmpty();
}
@Test
public void loadTokenNull() {
assertThat(repo.loadToken(request)).isNull();
@@ -116,7 +127,7 @@ public class HttpSessionCsrfTokenRepositoryTests {
public void saveTokenNullTokenWhenSessionNotExists() {
repo.saveToken(null, request, response);
assertThat(request.getSession(false)).isNull();
}