Added functional tests for Antiforgery related to setting no-cache headers

2016-10-28 10:36:13 -07:00 · 2016-10-28 10:36:13 -07:00 · 82b2e9c75c
parent c28ad48e98
commit 82b2e9c75c
3 changed files with 51 additions and 0 deletions
--- a/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs
+++ b/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs
@ -36,6 +36,10 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
            // Even though there are two forms there should only be one response cookie,
            // as for the second form, the cookie from the first token should be reused.
            Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
        }

        [Fact]
@ -84,6 +88,10 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests

            var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
            Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
        }

        [Fact]
@ -145,5 +153,27 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
            // Assert
            Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
        }
+
+        [Fact]
+        public async Task AntiforgeryTokenGeneration_SetsDoNotCacheHeaders_OverridesExistingCachingHeaders()
+        {
+            // Arrange & Act
+            var response = await Client.GetAsync("http://localhost/Antiforgery/AntiforgeryTokenAndResponseCaching");
+
+            // Assert
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var header = Assert.Single(response.Headers.GetValues("X-Frame-Options"));
+            Assert.Equal("SAMEORIGIN", header);
+
+            var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
+
+            // Even though there are two forms there should only be one response cookie,
+            // as for the second form, the cookie from the first token should be reused.
+            Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
+        }
    }
 }
--- a/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs
+++ b/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs
@ -56,5 +56,13 @@ namespace BasicWebSite.Controllers
        {
            return "OK";
        }
+
+        [HttpGet]
+        [AllowAnonymous]
+        [ResponseCache(Duration = 60)]
+        public ActionResult AntiforgeryTokenAndResponseCaching()
+        {
+            return View();
+        }
    }
 }
--- a/test/WebSites/BasicWebSite/Views/Antiforgery/AntiforgeryTokenAndResponseCaching.cshtml
+++ b/test/WebSites/BasicWebSite/Views/Antiforgery/AntiforgeryTokenAndResponseCaching.cshtml
@ -0,0 +1,13 @@
+
+@{
+    ViewData["Title"] = "Antiforgery token and response caching";
+}
+
+<h2>@ViewData["Title"]</h2>
+
+@using (Html.BeginForm("Login", "Antiforgery", FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
+{
+    <label>Name</label>
+    <input type="text" name="Name" />
+    <input type="submit" />
+}