Added functional tests for Antiforgery related to setting no-cache headers
This commit is contained in:
parent
c28ad48e98
commit
82b2e9c75c
|
|
@ -36,6 +36,10 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
|
||||||
// Even though there are two forms there should only be one response cookie,
|
// Even though there are two forms there should only be one response cookie,
|
||||||
// as for the second form, the cookie from the first token should be reused.
|
// as for the second form, the cookie from the first token should be reused.
|
||||||
Assert.Single(setCookieHeader);
|
Assert.Single(setCookieHeader);
|
||||||
|
|
||||||
|
Assert.True(response.Headers.CacheControl.NoCache);
|
||||||
|
var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
|
||||||
|
Assert.Equal("no-cache", pragmaValue.Name);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
|
@ -84,6 +88,10 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
|
||||||
|
|
||||||
var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
|
var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
|
||||||
Assert.Single(setCookieHeader);
|
Assert.Single(setCookieHeader);
|
||||||
|
|
||||||
|
Assert.True(response.Headers.CacheControl.NoCache);
|
||||||
|
var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
|
||||||
|
Assert.Equal("no-cache", pragmaValue.Name);
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
|
@ -145,5 +153,27 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task AntiforgeryTokenGeneration_SetsDoNotCacheHeaders_OverridesExistingCachingHeaders()
|
||||||
|
{
|
||||||
|
// Arrange & Act
|
||||||
|
var response = await Client.GetAsync("http://localhost/Antiforgery/AntiforgeryTokenAndResponseCaching");
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
||||||
|
var header = Assert.Single(response.Headers.GetValues("X-Frame-Options"));
|
||||||
|
Assert.Equal("SAMEORIGIN", header);
|
||||||
|
|
||||||
|
var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
|
||||||
|
|
||||||
|
// Even though there are two forms there should only be one response cookie,
|
||||||
|
// as for the second form, the cookie from the first token should be reused.
|
||||||
|
Assert.Single(setCookieHeader);
|
||||||
|
|
||||||
|
Assert.True(response.Headers.CacheControl.NoCache);
|
||||||
|
var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
|
||||||
|
Assert.Equal("no-cache", pragmaValue.Name);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -56,5 +56,13 @@ namespace BasicWebSite.Controllers
|
||||||
{
|
{
|
||||||
return "OK";
|
return "OK";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[HttpGet]
|
||||||
|
[AllowAnonymous]
|
||||||
|
[ResponseCache(Duration = 60)]
|
||||||
|
public ActionResult AntiforgeryTokenAndResponseCaching()
|
||||||
|
{
|
||||||
|
return View();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -0,0 +1,13 @@
|
||||||
|
|
||||||
|
@{
|
||||||
|
ViewData["Title"] = "Antiforgery token and response caching";
|
||||||
|
}
|
||||||
|
|
||||||
|
<h2>@ViewData["Title"]</h2>
|
||||||
|
|
||||||
|
@using (Html.BeginForm("Login", "Antiforgery", FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
|
||||||
|
{
|
||||||
|
<label>Name</label>
|
||||||
|
<input type="text" name="Name" />
|
||||||
|
<input type="submit" />
|
||||||
|
}
|
||||||
Loading…
Reference in New Issue