From eb48088887563da50b3e38c858b2d313d904568d Mon Sep 17 00:00:00 2001
From: Martin Porwoll <martin.porwoll@complexcaresolutions.de>
Date: Mon, 15 Dec 2025 13:42:19 +0000
Subject: [PATCH] fix(ci): use process.env directly for BYPASS_CSRF setting
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

vi.stubEnv doesn't work reliably with dynamically imported modules.
Using direct process.env assignment instead.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 tests/int/security-api.int.spec.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tests/int/security-api.int.spec.ts b/tests/int/security-api.int.spec.ts
index 46e47c1..2a75dea 100644
--- a/tests/int/security-api.int.spec.ts
+++ b/tests/int/security-api.int.spec.ts
@@ -9,7 +9,8 @@ import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest'
 import { NextRequest, NextResponse } from 'next/server'
 
 // Enable CSRF validation in CI by setting BYPASS_CSRF=false
-vi.stubEnv('BYPASS_CSRF', 'false')
+// This must be set before any module imports that read this variable
+process.env.BYPASS_CSRF = 'false'
 import {
   generateTestCsrfToken,
   generateExpiredCsrfToken,