CSRF_COOKIE header used by .submit() doesn't seem to match cookieJar #75

Open
mikemaccana opened this Issue Feb 16, 2012 · 0 comments


Hi there,

I'm not sure if this is a bug or I'm missing something. But Tobi (which is otherwise excellent) seems to be sending a CSRF_COOKIE header that doesn't match anything in the cookieJar.

I'm posting a form using Tobi's submit() that fails CSRF verification (a regular desktop browser works fine).
The issue seems to be a difference between the form cookie and the HTTP Header.

console.log(browser.cookieJar.cookies)

Gives:

[ { str: 'csrftoken=8a09c3f0b62939458018f74020c6744e; expires=Thu, 14-Feb-2013 15:26:31 GMT; Max-Age=31449600; Path=/',
    name: 'csrftoken',
    csrftoken: '8a09c3f0b62939458018f74020c6744e',
    expires: Thu, 14 Feb 2013 15:26:31 GMT,
    'Max-Age': '31449600',
    Path: '/',
    value: '8a09c3f0b62939458018f74020c6744e' },
  { str: 'sessionid=d82a0a4a691481df3fb72b8f3b9e4d8a; expires=Thu, 01-Mar-2012 15:26:31 GMT; Max-Age=1209600; Path=/',
    name: 'sessionid',
    sessionid: 'd82a0a4a691481df3fb72b8f3b9e4d8a',
    expires: Thu, 01 Mar 2012 15:26:31 GMT,
    'Max-Age': '1209600',
    Path: '/',
    value: 'd82a0a4a691481df3fb72b8f3b9e4d8a' } ]

However, my server received the following from Tobi in its HTTP headers:

'CSRF_COOKIE': '347767c1a4baef48ab0272ca6ccfdf5f'

Where did the CSRF_COOKIE value come from (or more to the point, why can't I see it in cookieJar?) Has anyone encountered anything similar in the past?

Thanks,

Mike
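
A diagnostic for the comparison described in this issue, added here as an example; it is not part of the original post and is not Tobi's or the server's code. It assumes the server rejects the request when the token it receives differs from the `csrftoken` cookie; `parseSetCookie`, `safeEqual` and `diagnoseCsrf` are hypothetical helper names, and the input is built from the values quoted above.

```javascript
// Constructed sample input: the cookie strings and server-side value quoted in the issue.
const jar = [
  { str: 'csrftoken=8a09c3f0b62939458018f74020c6744e; expires=Thu, 14-Feb-2013 15:26:31 GMT; Max-Age=31449600; Path=/' },
  { str: 'sessionid=d82a0a4a691481df3fb72b8f3b9e4d8a; expires=Thu, 01-Mar-2012 15:26:31 GMT; Max-Age=1209600; Path=/' },
];
const receivedCsrfCookie = '347767c1a4baef48ab0272ca6ccfdf5f';

// Parse one Set-Cookie style string into { name, value, attrs } (attribute names lowercased).
function parseSetCookie(str) {
  const [pair, ...rest] = str.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no name=value pair
  const out = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of rest) {
    const i = a.indexOf('=');
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    out.attrs[key] = i === -1 ? true : a.slice(i + 1);
  }
  return out;
}

// Compare two tokens without returning early on the first differing character.
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Explain why the value the server saw does or does not match the jar.
function diagnoseCsrf(jarCookies, received, cookieName = 'csrftoken') {
  const hits = jarCookies
    .map((c) => parseSetCookie(c.str))
    .filter((c) => c && c.name === cookieName);
  if (hits.length === 0) return { ok: false, reason: 'no-cookie-in-jar' };
  // Two cookies with the same name (e.g. different Path) make the sent value ambiguous.
  if (hits.length > 1) return { ok: false, reason: 'duplicate-cookie', count: hits.length };
  if (!received) return { ok: false, reason: 'no-token-received' };
  if (safeEqual(hits[0].value, received)) return { ok: true, reason: 'match' };
  return { ok: false, reason: 'mismatch', jarValue: hits[0].value, received };
}

console.log(diagnoseCsrf(jar, receivedCsrfCookie));
```
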
