40 lines
1.5 KiB
C#
40 lines
1.5 KiB
C#
// Copyright (c) Microsoft Open Technologies, Inc. All rights reserved.
|
|
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
|
|
|
|
using System;
|
|
using System.Linq;
|
|
using System.Net;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNet.Builder;
|
|
using Microsoft.AspNet.TestHost;
|
|
using Xunit;
|
|
|
|
namespace Microsoft.AspNet.Mvc.FunctionalTests
|
|
{
|
|
public class AntiForgeryTests
|
|
{
|
|
private readonly IServiceProvider _services = TestHelper.CreateServices("AntiForgeryWebSite");
|
|
private readonly Action<IBuilder> _app = new AntiForgeryWebSite.Startup().Configure;
|
|
|
|
[Fact]
|
|
public async Task MultipleAFTokensWithinTheSamePage_AreAllowed()
|
|
{
|
|
// Arrange
|
|
var server = TestServer.Create(_services, _app);
|
|
var client = server.CreateClient();
|
|
|
|
// Act
|
|
var response = await client.GetAsync("http://localhost/Account/Login");
|
|
|
|
//Assert
|
|
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
|
|
var header = Assert.Single(response.Headers.GetValues("X-Frame-Options"));
|
|
Assert.Equal("SAMEORIGIN", header);
|
|
|
|
var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
|
|
Assert.Equal(2, setCookieHeader.Length);
|
|
Assert.True(setCookieHeader[0].StartsWith("__RequestVerificationToken"));
|
|
Assert.True(setCookieHeader[1].StartsWith("__RequestVerificationToken"));
|
|
}
|
|
}
|
|
} |