mirror of
https://github.com/complexcaresolutions/cms.c2sgmbh.git
synced 2026-03-17 18:34:13 +00:00
fix(ci): add BYPASS_CSRF control for security tests
- CSRF bypass in CI can be disabled with BYPASS_CSRF=false - Security integration tests set BYPASS_CSRF=false to test CSRF validation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
fdc6876207
commit
97ede2ceb9
2 changed files with 4 additions and 3 deletions
|
|
@ -120,7 +120,8 @@ export function validateCsrf(req: NextRequest): {
|
||||||
} {
|
} {
|
||||||
// 0. CI/Test-Modus: CSRF-Schutz deaktivieren wenn CI=true
|
// 0. CI/Test-Modus: CSRF-Schutz deaktivieren wenn CI=true
|
||||||
// Dies gilt für GitHub Actions E2E-Tests, wo CSRF-Token-Handling nicht praktikabel ist
|
// Dies gilt für GitHub Actions E2E-Tests, wo CSRF-Token-Handling nicht praktikabel ist
|
||||||
if (process.env.CI === 'true') {
|
// BYPASS_CSRF='false' kann gesetzt werden um CSRF in CI zu aktivieren (für Security-Tests)
|
||||||
|
if (process.env.CI === 'true' && process.env.BYPASS_CSRF !== 'false') {
|
||||||
return { valid: true }
|
return { valid: true }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -8,8 +8,8 @@
|
||||||
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
|
import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
|
||||||
import { NextRequest, NextResponse } from 'next/server'
|
import { NextRequest, NextResponse } from 'next/server'
|
||||||
|
|
||||||
// Clear CI environment variable to ensure CSRF validation works normally during tests
|
// Enable CSRF validation in CI by setting BYPASS_CSRF=false
|
||||||
vi.stubEnv('CI', '')
|
vi.stubEnv('BYPASS_CSRF', 'false')
|
||||||
import {
|
import {
|
||||||
generateTestCsrfToken,
|
generateTestCsrfToken,
|
||||||
generateExpiredCsrfToken,
|
generateExpiredCsrfToken,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue