author | zeripath <art27@cantab.net> | 2021-07-08 14:57:24 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-08 15:57:24 +0200 |
commit | d06f9ce27452ec0b80d548242bf59d65f89952bf (patch) | |
tree | 4aa1997f067b0fa420aee731eb40bddbdfd1a5a8 /integrations | |
parent | fc1607b3686a5c8c79b9a7853c065a68dcd5218b (diff) | |
Redirect on bad CSRF instead of presenting bad page (#14937)
The current CSRF handler is a bit harsh with bad CSRF tokens on webpages.
I think we can be a little kinder and redirect to the base page with a flash error.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'integrations')
-rw-r--r-- | integrations/repo_branch_test.go | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/integrations/repo_branch_test.go b/integrations/repo_branch_test.go
index de4e668987..af5c475ea7 100644
--- a/integrations/repo_branch_test.go
+++ b/integrations/repo_branch_test.go
@@ -11,6 +11,7 @@ import (
 "strings"
 "testing"
 
+ "code.gitea.io/gitea/modules/setting"
 "code.gitea.io/gitea/modules/test"
 
 "github.com/stretchr/testify/assert"
@@ -134,5 +135,13 @@ func TestCreateBranchInvalidCSRF(t *testing.T) {
 "_csrf": "fake_csrf",
 "new_branch_name": "test",
 })
- session.MakeRequest(t, req, http.StatusBadRequest)
+ resp := session.MakeRequest(t, req, http.StatusFound)
+ loc := resp.Header().Get("Location")
+ assert.Equal(t, setting.AppSubURL+"/", loc)
+ resp = session.MakeRequest(t, NewRequest(t, "GET", loc), http.StatusOK)
+ htmlDoc := NewHTMLParser(t, resp.Body)
+ assert.Equal(t,
+ "Bad Request: Invalid CSRF token",
+ strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()),
+ )
 }
|
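Review bot: The new assertions in TestCreateBranchInvalidCSRF check the 302 target and the flash text, but nothing verifies that the POST carrying `fake_csrf` left the repository unchanged, which is the property the CSRF check exists to protect. With the old `http.StatusBadRequest` the rejection was implied by the status code; a redirect is also what a successful form post commonly returns, so the test now relies on the `Location` value alone. Consider ending the test with a lookup of the `test` branch that expects a miss, e.g. `session.MakeRequest(t, NewRequest(t, "GET", branchURL), http.StatusNotFound)`, where `branchURL` is a placeholder for the repository's branch page (the repository path is set up above the hunk and is not visible here). Separately, `assert.Equal` on `loc` does not stop the test, so a wrong or empty `Location` is still requested on the next line; requesting `setting.AppSubURL+"/"` directly instead of the server-supplied `loc` would keep the follow-up request independent of the value under test.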