Infrastructure/astro
0
Fork 0
mirror of https://github.com/withastro/astro.git synced 2024-12-30 22:03:56 -05:00
Code Issues Activity

[ci] format

Browse source
This commit is contained in:
Emanuele Stoppa 2024-12-02 15:40:23 +00:00 committed by astrobot-houston
parent 315c5f3b2a
commit 10c6b8d720
2 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
packages/astro/src/core/app/middlewares.ts
View file

@ -25,7 +25,7 @@ export function createOriginCheckMiddleware(): MiddlewareHandler {
if (isPrerendered) { if (isPrerendered) {
return next(); return next();
} }
if (request.method === "GET") { if (request.method === 'GET') {
return next(); return next();
} }
const sameOrigin = const sameOrigin =
@ -34,8 +34,8 @@ export function createOriginCheckMiddleware(): MiddlewareHandler {
request.method === 'PATCH' || request.method === 'PATCH' ||
request.method === 'DELETE') && request.method === 'DELETE') &&
request.headers.get('origin') === url.origin; request.headers.get('origin') === url.origin;
const hasContentType = request.headers.has('content-type') const hasContentType = request.headers.has('content-type');
if (hasContentType) { if (hasContentType) {
const formLikeHeader = hasFormLikeHeader(request.headers.get('content-type')); const formLikeHeader = hasFormLikeHeader(request.headers.get('content-type'));
if (formLikeHeader && !sameOrigin) { if (formLikeHeader && !sameOrigin) {
@ -51,7 +51,7 @@ export function createOriginCheckMiddleware(): MiddlewareHandler {
} }
} }
return next() return next();
}); });
} }

9
packages/astro/test/csrf-protection.test.js
View file

@ -48,17 +48,20 @@ describe('CSRF origin check', () => {
assert.equal(response.status, 403); assert.equal(response.status, 403);
request = new Request('http://example.com/api/', { request = new Request('http://example.com/api/', {
headers: { origin: 'http://loreum.com', 'content-type': 'application/x-www-form-urlencoded; some-other-value' }, headers: {
origin: 'http://loreum.com',
'content-type': 'application/x-www-form-urlencoded; some-other-value',
},
method: 'POST', method: 'POST',
}); });
response = await app.render(request); response = await app.render(request);
assert.equal(response.status, 403); assert.equal(response.status, 403);
request = new Request('http://example.com/api/', { request = new Request('http://example.com/api/', {
headers: { origin: 'http://loreum.com', }, headers: { origin: 'http://loreum.com' },
method: 'POST', method: 'POST',
credentials: 'include', credentials: 'include',
body: new Blob(["a=b"],{}) body: new Blob(['a=b'], {}),
}); });
response = await app.render(request); response = await app.render(request);
assert.equal(response.status, 403); assert.equal(response.status, 403);