Skip to content

fix: add missing Origin header in POST tests blocked by CSRF middleware#124

Merged
mahata merged 2 commits intofeat/email-signupfrom
copilot/fix-github-actions-workflow-test
Mar 25, 2026
Merged

fix: add missing Origin header in POST tests blocked by CSRF middleware#124
mahata merged 2 commits intofeat/email-signupfrom
copilot/fix-github-actions-workflow-test

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 25, 2026
edited
Loading

Four POST tests in emailAuth.test.ts were returning 403 instead of expected status codes because the globally-applied csrf() middleware rejects requests without a valid Origin header.

Changes

  • hono/routes/emailAuth.test.ts: Added headers: { Origin: "http://localhost" } to the four POST test cases that omitted it:
    • POST /auth/login — expected 401 (wrong password) and 302 (successful login)
    • POST /auth/register — expected 409 (email exists) and 302 (successful registration)
const response = await app.request("/auth/login", {
  method: "POST",
  body: formData,
+ headers: { Origin: "http://localhost" },
});

The other tests in the same file that correctly tested CSRF rejection already included Origin: "http://evil.example.com", and passing tests already used Origin: "http://localhost" — the failing ones simply missed it.

Original prompt

Fix the failing GitHub Actions workflow test
Analyze the workflow logs, identify the root cause of the failure, and implement a fix.
Job ID: 68530461488
Job URL: https://github.com/mahata/mlack/actions/runs/23541624034/job/68530461488

⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.

Copilot AI changed the title [WIP] Fix failing GitHub Actions workflow test fix: add missing Origin header in POST tests blocked by CSRF middleware Mar 25, 2026
Copilot AI requested a review from mahata March 25, 2026 14:00
@mahata mahata marked this pull request as ready for review March 25, 2026 14:10
@mahata mahata merged commit c9db52d into feat/email-signup Mar 25, 2026
1 check passed
@mahata mahata deleted the copilot/fix-github-actions-workflow-test branch March 25, 2026 14:10
mahata added a commit that referenced this pull request Mar 25, 2026
@mahata
Implement email authentication with login and registration (#120)
b116b35 
* feat(auth): implement email authentication with login and registration routes

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* test(emailAuth): add unit tests for success flows and conflict paths (#121)

* Initial plan

* test(emailAuth): add unit tests for success flows and conflict paths

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/e8292715-c961-480d-8c1a-490e2db65f9a

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

* fix: CSRF protection for email auth form endpoints (#122)

* Initial plan

* fix: add CSRF protection for email auth form endpoints

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/81a07abc-5f9a-4910-8bdc-71951fdb71bb

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

* fix: add missing Origin header in POST tests blocked by CSRF middleware (#124)

* Initial plan

* fix: add Origin header to POST tests blocked by CSRF middleware

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/86a80766-f33f-4962-ba8e-c5907a70e520

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

* Initial plan (#125)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

* fix: add Origin header to E2E test requests blocked by CSRF middleware (#126)

* Initial plan

* fix: add Origin header to E2E test requests blocked by CSRF middleware

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/edbeed38-429c-4f9f-beb6-cf8d58dc7ec4

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mahata mahata Awaiting requested review from mahata

Assignees

@mahata mahata

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mahata