Added XSRF prevention logic to $xhr service

author: Misko Hevery 2011-03-10 13:50:00 -0800
committer: Misko Hevery 2011-03-11 14:16:53 -0800
commit: c578f8c3ed0ca23b03ccde146cb13cfaf24f17cd (patch)
tree: 12182c82ee4411091b6d92f81829dd52f8792e27 /test
parent: 5b05c0de036f77db0cc493082e21b1451c6b9a5f (diff)
download: angular.js-c578f8c3ed0ca23b03ccde146cb13cfaf24f17cd.tar.bz2
2 files changed, 58 insertions, 5 deletions
diff --git a/test/BrowserSpecs.js b/test/BrowserSpecs.js
index 180a7fa8..6951783b 100644
--- a/test/BrowserSpecs.js
+++ b/test/BrowserSpecs.js
@@ -24,11 +24,20 @@ describe('browser', function(){
 
     var fakeBody = {append: function(node){scripts.push(node);}};
 
-    var fakeXhr = function(){
+    var FakeXhr = function(){
       xhr = this;
-      this.open = noop;
-      this.setRequestHeader = noop;
-      this.send = noop;
+      this.open = function(method, url, async){
+        xhr.method = method;
+        xhr.url = url;
+        xhr.async = async;
+        xhr.headers = {};
+      };
+      this.setRequestHeader = function(key, value){
+        xhr.headers[key] = value;
+      };
+      this.send = function(post){
+        xhr.post = post;
+      };
     };
 
     logs = {log:[], warn:[], info:[], error:[]};
@@ -38,7 +47,7 @@ describe('browser', function(){
                    info: function() { logs.info.push(slice.call(arguments)); },
                    error: function() { logs.error.push(slice.call(arguments)); }};
 
-    browser = new Browser(fakeWindow, jqLite(window.document), fakeBody, fakeXhr,
+    browser = new Browser(fakeWindow, jqLite(window.document), fakeBody, FakeXhr,
                           fakeLog);
   });
 
@@ -85,6 +94,33 @@ describe('browser', function(){
         expect(typeof fakeWindow[url[1]]).toEqual('undefined');
       });
     });
+
+    it('should set headers for all requests', function(){
+      var code, response, headers = {};
+      browser.xhr('METHOD', 'URL', 'POST', function(c,r){
+        code = c;
+        response = r;
+      }, {'X-header': 'value'});
+
+      expect(xhr.method).toEqual('METHOD');
+      expect(xhr.url).toEqual('URL');
+      expect(xhr.post).toEqual('POST');
+      expect(xhr.headers).toEqual({
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Accept": "application/json, text/plain, */*",
+        "X-Requested-With": "XMLHttpRequest",
+        "X-header":"value"
+      });
+
+      xhr.status = 202;
+      xhr.responseText = 'RESPONSE';
+      xhr.readyState = 4;
+      xhr.onreadystatechange();
+
+      expect(code).toEqual(202);
+      expect(response).toEqual('RESPONSE');
+    });
+
   });
 
 
diff --git a/test/service/xhrSpec.js b/test/service/xhrSpec.js
index 66dbe94d..39bc1c66 100644
--- a/test/service/xhrSpec.js
+++ b/test/service/xhrSpec.js
@@ -101,4 +101,21 @@ describe('$xhr', function() {
 
     expect(response).toEqual([1, 'abc', {foo:'bar'}]);
   });
+
+  describe('xsrf', function(){
+    it('should copy the XSRF cookie into a XSRF Header', function(){
+      var code, response;
+      $browserXhr
+        .expectPOST('URL', 'DATA', {'X-XSRF-TOKEN': 'secret'})
+        .respond(234, 'OK');
+      $browser.cookies('XSRF-TOKEN', 'secret');
+      $xhr('POST', 'URL', 'DATA', function(c, r){
+        code = c;
+        response = r;
+      });
+      $browserXhr.flush();
+      expect(code).toEqual(234);
+      expect(response).toEqual('OK');
+    });
+  });
 });
author	Misko Hevery	2011-03-10 13:50:00 -0800
committer	Misko Hevery	2011-03-11 14:16:53 -0800
commit	c578f8c3ed0ca23b03ccde146cb13cfaf24f17cd (patch)
tree	12182c82ee4411091b6d92f81829dd52f8792e27 /test
parent	5b05c0de036f77db0cc493082e21b1451c6b9a5f (diff)
download	angular.js-c578f8c3ed0ca23b03ccde146cb13cfaf24f17cd.tar.bz2