37 lines
1.2 KiB
TypeScript
37 lines
1.2 KiB
TypeScript
import { describe, expect, it, beforeEach, afterEach } from 'vitest';
|
|
import { buildCsrfHeaders } from '../csrf';
|
|
|
|
describe('buildCsrfHeaders', () => {
|
|
beforeEach(() => {
|
|
localStorage.setItem('device-id', 'device-123');
|
|
});
|
|
|
|
afterEach(() => {
|
|
localStorage.clear();
|
|
document.head.querySelectorAll('meta[name="csrf-token"]').forEach((node) => node.remove());
|
|
document.cookie = 'XSRF-TOKEN=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/';
|
|
});
|
|
|
|
it('reads token from meta tag', () => {
|
|
const meta = document.createElement('meta');
|
|
meta.setAttribute('name', 'csrf-token');
|
|
meta.setAttribute('content', 'meta-token');
|
|
document.head.appendChild(meta);
|
|
|
|
const headers = buildCsrfHeaders('device-xyz');
|
|
expect(headers['X-CSRF-TOKEN']).toBe('meta-token');
|
|
expect(headers['X-XSRF-TOKEN']).toBe('meta-token');
|
|
expect(headers['X-Device-Id']).toBe('device-xyz');
|
|
});
|
|
|
|
it('falls back to cookie token', () => {
|
|
const raw = btoa('cookie-token');
|
|
document.cookie = `XSRF-TOKEN=${raw}; path=/`;
|
|
|
|
const headers = buildCsrfHeaders();
|
|
expect(headers['X-CSRF-TOKEN']).toBe('cookie-token');
|
|
expect(headers['X-XSRF-TOKEN']).toBe('cookie-token');
|
|
expect(headers['X-Device-Id']).toBe('device-123');
|
|
});
|
|
});
|