You are here

Home » API reference » Security Kit 8 » SecKitTestCaseTest.php » SecKitTestCaseTest

public function SecKitTestCaseTest::testOriginDeny in Security Kit 8

Same name and namespace in other branches
  1. 2.x tests/src/Functional/SecKitTestCaseTest.php \Drupal\Tests\seckit\Functional\SecKitTestCaseTest::testOriginDeny()

Tests HTTP Origin denies request.

File

tests/src/Functional/SecKitTestCaseTest.php, line 432

Class

SecKitTestCaseTest
Functional tests for Security Kit.

Namespace

Drupal\Tests\seckit\Functional

Code

public function testOriginDeny() {
  $form['seckit_csrf[origin]'] = TRUE;
  $this
    ->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
  $this->originHeader = 'http://www.example.com';
  $this
    ->drupalPostForm('admin/config/system/seckit', $form, t('Save configuration'));
  $this
    ->assertEqual([], $_POST, t('POST is empty.'));
  $this
    ->assertSession()
    ->statusCodeEquals(403);
}