Skip to content

Commit 653312e

Browse files
sixcolorssixcolors
committed
refactor: enhance SameSite cookie tests for case insensitivity and secure attribute validation
1 parent c84e69c commit 653312e

File tree

1 file changed

+76
-41
lines changed

1 file changed

+76
-41
lines changed

ctx_test.go

Lines changed: 76 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -1265,57 +1265,92 @@ func Test_Ctx_Cookie_SameSite_CaseInsensitive(t *testing.T) {
12651265
// go test -run Test_Ctx_Cookie_SameSite_None_Secure
12661266
func Test_Ctx_Cookie_SameSite_None_Secure(t *testing.T) {
12671267
t.Parallel()
1268-
app := New()
12691268

1270-
tests := []struct {
1271-
name string
1272-
sameSite string
1273-
expectedContain string
1274-
initialSecure bool
1275-
expectedSecure bool
1269+
testCases := []struct {
1270+
name string
1271+
cookie *Cookie
1272+
expectedInHeader string
1273+
shouldBeSecure bool
12761274
}{
1277-
// Strict
1278-
{name: "Strict lowercase", sameSite: "strict", expectedContain: "SameSite=Strict", initialSecure: false, expectedSecure: false},
1279-
{name: "Strict uppercase", sameSite: "STRICT", expectedContain: "SameSite=Strict", initialSecure: true, expectedSecure: true},
1280-
// Lax
1281-
{name: "Lax mixed case", sameSite: "lAx", expectedContain: "SameSite=Lax", initialSecure: false, expectedSecure: false},
1282-
{name: "Lax proper case", sameSite: "Lax", expectedContain: "SameSite=Lax", initialSecure: true, expectedSecure: true},
1283-
// None - should always be secure
1284-
{name: "None lowercase", sameSite: "none", expectedContain: "SameSite=None", initialSecure: false, expectedSecure: true},
1285-
{name: "None uppercase", sameSite: "NONE", expectedContain: "SameSite=None", initialSecure: true, expectedSecure: true},
1286-
// Disabled
1287-
{name: "Disabled", sameSite: "disabled", expectedContain: "", initialSecure: false, expectedSecure: false},
1288-
{name: "Disabled Secure", sameSite: "disabled", expectedContain: "", initialSecure: true, expectedSecure: true},
1289-
// Invalid values default to Lax
1290-
{name: "Invalid value", sameSite: "invalid", expectedContain: "SameSite=Lax", initialSecure: false, expectedSecure: false},
1291-
{name: "Empty value", sameSite: "", expectedContain: "SameSite=Lax", initialSecure: true, expectedSecure: true},
1275+
{
1276+
name: "Empty value",
1277+
cookie: &Cookie{
1278+
Name: "test",
1279+
Value: "value",
1280+
SameSite: "",
1281+
},
1282+
expectedInHeader: "SameSite=Lax",
1283+
shouldBeSecure: false,
1284+
},
1285+
{
1286+
name: "None uppercase",
1287+
cookie: &Cookie{
1288+
Name: "test",
1289+
Value: "value",
1290+
SameSite: "None",
1291+
},
1292+
expectedInHeader: "SameSite=None",
1293+
shouldBeSecure: true,
1294+
},
1295+
{
1296+
name: "None lowercase",
1297+
cookie: &Cookie{
1298+
Name: "test",
1299+
Value: "value",
1300+
SameSite: "none",
1301+
},
1302+
expectedInHeader: "SameSite=None",
1303+
shouldBeSecure: true,
1304+
},
1305+
{
1306+
name: "Lax proper case",
1307+
cookie: &Cookie{
1308+
Name: "test",
1309+
Value: "value",
1310+
SameSite: "Lax",
1311+
},
1312+
expectedInHeader: "SameSite=Lax",
1313+
shouldBeSecure: false,
1314+
},
1315+
{
1316+
name: "Strict uppercase",
1317+
cookie: &Cookie{
1318+
Name: "test",
1319+
Value: "value",
1320+
SameSite: "STRICT",
1321+
},
1322+
expectedInHeader: "SameSite=Strict",
1323+
shouldBeSecure: false,
1324+
},
1325+
{
1326+
name: "Disabled Secure",
1327+
cookie: &Cookie{
1328+
Name: "test",
1329+
Value: "value",
1330+
SameSite: "none",
1331+
Secure: false,
1332+
},
1333+
expectedInHeader: "SameSite=None",
1334+
shouldBeSecure: true,
1335+
},
12921336
}
12931337

1294-
for _, tc := range tests {
1338+
for _, tc := range testCases {
12951339
t.Run(tc.name, func(t *testing.T) {
12961340
t.Parallel()
1297-
c := app.AcquireCtx(&fasthttp.RequestCtx{})
1298-
defer app.ReleaseCtx(c)
1341+
app := New()
1342+
ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
1343+
defer app.ReleaseCtx(ctx)
12991344

1300-
cookie := &Cookie{
1301-
Name: "test",
1302-
Value: "value",
1303-
SameSite: tc.sameSite,
1304-
Secure: tc.initialSecure,
1305-
}
1306-
c.Cookie(cookie)
1307-
header := c.Res().Get(HeaderSetCookie)
1345+
ctx.Cookie(tc.cookie)
13081346

1309-
if tc.expectedContain == "" {
1310-
require.NotContains(t, header, "SameSite")
1311-
} else {
1312-
require.Contains(t, header, tc.expectedContain)
1313-
}
1347+
cookie := string(ctx.Response().Header.PeekCookie(tc.cookie.Name))
1348+
require.Contains(t, cookie, tc.expectedInHeader)
13141349

1315-
if tc.expectedSecure {
1316-
require.Contains(t, header, "Secure")
1350+
if tc.shouldBeSecure {
1351+
require.Contains(t, cookie, "secure")
13171352
} else {
1318-
require.NotContains(t, header, "Secure")
1353+
require.NotContains(t, cookie, "secure")
13191354
}
13201355
})
13211356
}

0 commit comments

Comments
 (0)