Unable to retrieve X-CSRF-TOKEN using Header #187

Closed
rkamiset opened this Issue Jan 13, 2017 · 1 comment


rkamiset commented Jan 13, 2017

Citrus currently supports retrieving the cookie info (httpOnly) using the standard header name "Set-Cookie" by default:
SMSESSION
auth-site-info
auth-user-info

X-CSRF-TOKEN is missing. Am I missing anything here? Is there any other header name that I should use to fetch the authcsrftoken?

PS: It may sound similar to #184, but I would appreciate any workaround to fetch the csrftoken here. Thanks.

@christophd christophd added this to the SOMEDAY milestone Jan 17, 2017

@christophd christophd added READY and removed BACKLOG labels Mar 25, 2017

@christophd christophd modified the milestones: v2.7.2, SOMEDAY May 29, 2017

@christophd christophd added IN PROGRESS and removed READY labels Jun 30, 2017

@christophd christophd self-assigned this Jun 30, 2017


christophd commented Jun 30, 2017

When the client sends the HTTP header X-CSRF-TOKEN, I am able to receive and validate this header on the server side with:

```xml
<http:header name="X-CSRF-TOKEN" value="${csrfToken}"/>
```

I do not see why this header should not be handled on the Citrus HTTP server. The extract-from-header mechanism in the receive action should also work. You can also add this header to the response header and the client will get this header, too.

@christophd christophd added TO REVIEW and removed IN PROGRESS labels Jun 30, 2017

christophd added a commit that referenced this issue Jul 3, 2017

@christophd christophd closed this Jul 3, 2017

@christophd christophd removed the TO REVIEW label Jul 3, 2017
