Skip to content

fix: add Origin header to E2E test requests blocked by CSRF middleware#126

Merged
mahata merged 2 commits intofeat/email-signupfrom
copilot/68545645293-fix-github-actions-e2e
Mar 25, 2026
Merged

fix: add Origin header to E2E test requests blocked by CSRF middleware#126
mahata merged 2 commits intofeat/email-signupfrom
copilot/68545645293-fix-github-actions-e2e

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Mar 25, 2026
edited
Loading

The feat/email-signup branch added app.use("*", csrf()) globally, which rejects POST requests without a matching Origin header. Playwright's page.request.post() is a raw HTTP client and does not add Origin automatically, causing every /test/login and /test/logout call to receive 403 and all E2E tests to fail at the auth step.

Changes

  • e2e/auth-helpers.ts — export shared TEST_ORIGIN = "http://localhost:3000" constant; pass it as Origin header on the /test/login request
  • e2e/app.spec.ts — import TEST_ORIGIN; pass it on the /test/logout request
  • e2e/database-persistence.spec.ts — same as above
// before
const response = await page.request.post("/test/login");

// after
const response = await page.request.post("/test/login", {
  headers: { Origin: TEST_ORIGIN },
});
Original prompt

Fix the failing GitHub Actions workflow e2e
Analyze the workflow logs, identify the root cause of the failure, and implement a fix.
Job ID: 68545645293
Job URL: https://github.com/mahata/mlack/actions/runs/23545831252/job/68545645293

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot AI changed the title [WIP] Fix failing GitHub Actions workflow e2e fix: add Origin header to E2E test requests blocked by CSRF middleware Mar 25, 2026
Copilot AI requested a review from mahata March 25, 2026 14:33
@mahata mahata marked this pull request as ready for review March 25, 2026 14:47
@mahata mahata merged commit be0c386 into feat/email-signup Mar 25, 2026
1 check passed
@mahata mahata deleted the copilot/68545645293-fix-github-actions-e2e branch March 25, 2026 14:48
mahata added a commit that referenced this pull request Mar 25, 2026
@mahata
Implement email authentication with login and registration (#120)
b116b35 
* feat(auth): implement email authentication with login and registration routes

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* test(emailAuth): add unit tests for success flows and conflict paths (#121)

* Initial plan

* test(emailAuth): add unit tests for success flows and conflict paths

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/e8292715-c961-480d-8c1a-490e2db65f9a

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

* fix: CSRF protection for email auth form endpoints (#122)

* Initial plan

* fix: add CSRF protection for email auth form endpoints

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/81a07abc-5f9a-4910-8bdc-71951fdb71bb

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

* fix: add missing Origin header in POST tests blocked by CSRF middleware (#124)

* Initial plan

* fix: add Origin header to POST tests blocked by CSRF middleware

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/86a80766-f33f-4962-ba8e-c5907a70e520

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

* Initial plan (#125)

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>

* fix: add Origin header to E2E test requests blocked by CSRF middleware (#126)

* Initial plan

* fix: add Origin header to E2E test requests blocked by CSRF middleware

Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Agent-Logs-Url: https://github.com/mahata/mlack/sessions/edbeed38-429c-4f9f-beb6-cf8d58dc7ec4

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
Co-authored-by: mahata <23497+mahata@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mahata mahata Awaiting requested review from mahata

Assignees

@mahata mahata

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mahata