New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
XSRF plugin for Angular #207
Conversation
dc7e336
to
8e99b57
Compare
wantHeader: map[string][]string{ | ||
"Content-Type": {"text/plain; charset=utf-8"}, | ||
"X-Content-Type-Options": {"nosniff"}, | ||
}, | ||
wantBody: "Forbidden\n", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These assertions feel like we are testing the framework rather than just the plugin. I would personally just test for status here. If you want to be thorough maybe also body, but the header check I think should only be a "I added a cookie or not", which would allow you to merge this test with the one above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, but we tested for the headers everywhere and I mostly did it for uniformity across tests. I suggest removing these checks, if you think they are not needed, in a follow-up PR.
d04794f
to
8eb6872
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are the non-Angular files just moved? If yes, have you used git mv
to indicate that?
… adding the OnError methods
…ne and created file that contains helper functions used by both. Refactored some logic according to code review
It seemed that it correctly moved everything besides one file (because we kept |
…enCookieName and TokenHeaderName to their default values as indicated by the documentation
8eb6872
to
c399974
Compare
c0f24b9
to
a2d86a0
Compare
ca34450
to
6f29698
Compare
Fixes #194
Created a separate plugin that provides protection against XSRF in Angular. More details can be found here: https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection
Changed the directory tree to include the two XSRF plugins in the same directory with the functionality used by both placed in a separate file.