public function CsrfTest::testCookieAuth in Zircon Profile 8
Same name and namespace in other branches
- 8.0 core/modules/rest/src/Tests/CsrfTest.php \Drupal\rest\Tests\CsrfTest::testCookieAuth()
Tests that CSRF check is triggered for Cookie Auth requests.
File
- core/modules/rest/src/Tests/CsrfTest.php, line 78 - Contains \Drupal\rest\Tests\CsrfTest.
Class
- CsrfTest
- Tests the CSRF protection.
Namespace
Drupal\rest\Tests
Code
public function testCookieAuth() {
  $this->drupalLogin($this->account);

  $curl_options = $this->getCurlOptions();

  // Try to create an entity without the CSRF token.
  // Note: this will fail with PHP 5.6 when always_populate_raw_post_data is
  // set to something other than -1. See https://www.drupal.org/node/2456025.
  $this->curlExec($curl_options);
  $this->assertResponse(403);
  // Ensure that the entity was not created.
  $this->assertFalse(entity_load_multiple($this->testEntityType, NULL, TRUE), 'No entity has been created in the database.');

  // Create an entity with the CSRF token.
  $token = $this->drupalGet('rest/session/token');
  $curl_options[CURLOPT_HTTPHEADER][] = "X-CSRF-Token: {$token}";
  $this->curlExec($curl_options);
  $this->assertResponse(201);
  // Ensure that the entity was created.
  $loaded_entity = $this->loadEntityFromLocationHeader($this->drupalGetHeader('location'));
  $this->assertTrue($loaded_entity, 'An entity was created in the database');
}
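
The server-side decision this test exercises (403 without the header, success with it), sketched as an added example; it is not Drupal's implementation and not code from this page. The function names, the HMAC-based token construction and the sample seed and key values are assumptions made for illustration.

```php
<?php
// Added sketch, not Drupal's implementation. Function names, the HMAC token
// construction and all sample values below are assumptions / constructed.

/** Derives the token bound to one session (what a token endpoint would return). */
function sketch_csrf_token(string $session_seed, string $site_key): string {
  $mac = hash_hmac('sha256', 'rest', $session_seed . $site_key, TRUE);
  return rtrim(strtr(base64_encode($mac), '+/', '-_'), '=');
}

/** Returns TRUE when the request may proceed, FALSE when it must get a 403. */
function sketch_csrf_allows(string $method, bool $cookie_auth, array $headers, string $expected): bool {
  // Read-only methods change no state, so they need no token.
  if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS', 'TRACE'], TRUE)) {
    return TRUE;
  }
  // Only ambient credentials (the session cookie) are attached by the browser
  // to cross-site requests; explicitly supplied credentials are not.
  if (!$cookie_auth) {
    return TRUE;
  }
  // Header names are case-insensitive; normalise before lookup.
  $sent = array_change_key_case($headers, CASE_LOWER)['x-csrf-token'] ?? '';
  // Constant-time comparison; an empty or missing header always fails.
  return $sent !== '' && hash_equals($expected, $sent);
}

// Constructed values for the demonstration.
$token = sketch_csrf_token('constructed-session-seed', 'constructed-site-key');

$cases = [
  'POST, cookie, no token' => ['POST', TRUE, []],
  'POST, cookie, wrong token' => ['POST', TRUE, ['X-CSRF-Token' => 'not-the-token']],
  'POST, cookie, valid token' => ['POST', TRUE, ['X-CSRF-Token' => $token]],
  'GET, cookie, no token' => ['GET', TRUE, []],
];
foreach ($cases as $label => [$method, $cookie, $headers]) {
  $ok = sketch_csrf_allows($method, $cookie, $headers, $token);
  printf("%-28s => %s\n", $label, $ok ? 'proceed' : '403');
}
```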