[Fixes #101] Cookie path is always / in IIS
This commit is contained in:
parent
c3476cf327
commit
ad90db343c
|
|
@ -69,8 +69,9 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
Debug.Assert(httpContext != null);
|
Debug.Assert(httpContext != null);
|
||||||
Debug.Assert(token != null);
|
Debug.Assert(token != null);
|
||||||
|
|
||||||
var options = new CookieOptions() { HttpOnly = true };
|
var options = new CookieOptions();
|
||||||
|
options.HttpOnly = true;
|
||||||
|
options.Path = httpContext.Request.PathBase;
|
||||||
// Note: don't use "newCookie.Secure = _options.RequireSSL;" since the default
|
// Note: don't use "newCookie.Secure = _options.RequireSSL;" since the default
|
||||||
// value of newCookie.Secure is poulated out of band.
|
// value of newCookie.Secure is poulated out of band.
|
||||||
if (_options.RequireSsl)
|
if (_options.RequireSsl)
|
||||||
|
|
|
||||||
|
|
@ -245,10 +245,13 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor
|
bool defaultCookieSecureValue = expectedCookieSecureFlag ?? false; // pulled from config; set by ctor
|
||||||
var cookies = new MockResponseCookieCollection();
|
var cookies = new MockResponseCookieCollection();
|
||||||
|
|
||||||
var mockHttpContext = new Mock<HttpContext>();
|
var httpContext = new Mock<HttpContext>();
|
||||||
mockHttpContext
|
httpContext
|
||||||
.Setup(o => o.Response.Cookies)
|
.Setup(o => o.Response.Cookies)
|
||||||
.Returns(cookies);
|
.Returns(cookies);
|
||||||
|
httpContext
|
||||||
|
.SetupGet(hc => hc.Request.PathBase)
|
||||||
|
.Returns("/");
|
||||||
|
|
||||||
var options = new AntiforgeryOptions()
|
var options = new AntiforgeryOptions()
|
||||||
{
|
{
|
||||||
|
|
@ -259,7 +262,7 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
||||||
// Act
|
// Act
|
||||||
tokenStore.SaveCookieToken(mockHttpContext.Object, token);
|
tokenStore.SaveCookieToken(httpContext.Object, token);
|
||||||
|
|
||||||
// Assert
|
// Assert
|
||||||
Assert.Equal(1, cookies.Count);
|
Assert.Equal(1, cookies.Count);
|
||||||
|
|
@ -270,6 +273,41 @@ namespace Microsoft.AspNetCore.Antiforgery.Internal
|
||||||
Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure);
|
Assert.Equal(defaultCookieSecureValue, cookies.Options.Secure);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Theory]
|
||||||
|
[InlineData("/")]
|
||||||
|
[InlineData("/vdir1")]
|
||||||
|
[InlineData("/vdir1/vdir2")]
|
||||||
|
public void SaveCookieToken_SetsCookieWithApproriatePathBase(string requestPathBase)
|
||||||
|
{
|
||||||
|
// Arrange
|
||||||
|
var token = "serialized-value";
|
||||||
|
var cookies = new MockResponseCookieCollection();
|
||||||
|
var httpContext = new Mock<HttpContext>();
|
||||||
|
httpContext
|
||||||
|
.Setup(hc => hc.Response.Cookies)
|
||||||
|
.Returns(cookies);
|
||||||
|
httpContext
|
||||||
|
.SetupGet(hc => hc.Request.PathBase)
|
||||||
|
.Returns(requestPathBase);
|
||||||
|
httpContext
|
||||||
|
.SetupGet(hc => hc.Request.Path)
|
||||||
|
.Returns("/index.html");
|
||||||
|
var options = new AntiforgeryOptions();
|
||||||
|
options.CookieName = _cookieName;
|
||||||
|
var tokenStore = new DefaultAntiforgeryTokenStore(new TestOptionsManager(options));
|
||||||
|
|
||||||
|
// Act
|
||||||
|
tokenStore.SaveCookieToken(httpContext.Object, token);
|
||||||
|
|
||||||
|
// Assert
|
||||||
|
Assert.Equal(1, cookies.Count);
|
||||||
|
Assert.NotNull(cookies);
|
||||||
|
Assert.Equal(_cookieName, cookies.Key);
|
||||||
|
Assert.Equal("serialized-value", cookies.Value);
|
||||||
|
Assert.True(cookies.Options.HttpOnly);
|
||||||
|
Assert.Equal(requestPathBase, cookies.Options.Path);
|
||||||
|
}
|
||||||
|
|
||||||
private HttpContext GetHttpContext(string cookieName, string cookieValue)
|
private HttpContext GetHttpContext(string cookieName, string cookieValue)
|
||||||
{
|
{
|
||||||
var cookies = new RequestCookieCollection(new Dictionary<string, string>
|
var cookies = new RequestCookieCollection(new Dictionary<string, string>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue