Backport elastic#7696 to 4.x
lukasolson committed Aug 5, 2016
1 parent 3727e0a commit cea41cd
Showing 2 changed files with 8 additions and 5 deletions.
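--- a/src/server/http/__tests__/xsrf.js
+++ b/src/server/http/__tests__/xsrf.js
@@ -5,7 +5,7 @@ import { resolve } from 'path';
 const requireFromTest = require('requirefrom')('test');
 const kbnTestServer = requireFromTest('utils/kbn_server');
 
-const nonDestructiveMethods = ['GET'];
+const nonDestructiveMethods = ['GET', 'HEAD'];
 const destructiveMethods = ['POST', 'PUT', 'DELETE'];
 const src = resolve.bind(null, __dirname, '../../../../src');
 
@@ -30,9 +30,10 @@ describe('xsrf request filter', function () {
 
 await kbnServer.ready();
 
+const routeMethods = nonDestructiveMethods.filter(method => method !== 'HEAD').concat(destructiveMethods);
 kbnServer.server.route({
 path: '/xsrf/test/route',
-method: [...nonDestructiveMethods, ...destructiveMethods],
+method: routeMethods,
 handler: function (req, reply) {
 reply(null, 'ok');
 }
@@ -54,7 +55,8 @@ describe('xsrf request filter', function () {
 });
 
 expect(resp.statusCode).to.be(200);
-expect(resp.payload).to.be('ok');
+if (method === 'HEAD') expect(resp.payload).to.be.empty();
+else expect(resp.payload).to.be('ok');
 });
 
 it('failes on invalid tokens', async function () {
@@ -68,7 +70,8 @@ describe('xsrf request filter', function () {
 
 expect(resp.statusCode).to.be(400);
 expect(resp.headers).to.have.property(xsrfHeader, version);
-expect(resp.payload).to.match(/"Browser client is out of date/);
+if (method === 'HEAD') expect(resp.payload).to.be.empty();
+else expect(resp.payload).to.match(/"Browser client is out of date/);
 });
 });
 }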
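Review bot: The `.filter(method => method !== 'HEAD')` on the new `routeMethods` line has no comment explaining why HEAD is left out of the registered route while the tests still send HEAD requests to it. Presumably the server answers HEAD through the GET handler, which would also explain why the HEAD assertions expect an empty payload; a one-line comment such as `// HEAD is not registered explicitly; it is expected to be served by the GET route` would make that dependency visible. The two `if (method === 'HEAD') … else …` assertions are also written without braces, which is easy to misread next to the surrounding single-statement expects. The enclosing `describe` block starts and ends outside these hunks.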
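--- a/src/server/http/xsrf.js
+++ b/src/server/http/xsrf.js
@@ -6,7 +6,7 @@ export default function (kbnServer, server, config) {
 const header = 'kbn-version';
 
 server.ext('onPostAuth', function (req, reply) {
-const noHeaderGet = req.method === 'get' && !req.headers[header];
+const noHeaderGet = (req.method === 'get' || req.method === 'head') && !req.headers[header];
 if (disabled || noHeaderGet) return reply.continue();
 
 const submission = req.headers[header];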
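Review bot: The exemption on the `noHeaderGet` line now lets both GET and HEAD requests that carry no `kbn-version` header skip the XSRF check, so the filter only protects the server if no route changes state on those two methods. That assumption is not written down anywhere in the visible code; a comment above the line such as `// Safe methods (GET/HEAD) may omit the header; routes must never change state on them.` would record it for whoever adds the next route. The flag name no longer matches what it tests, so I would also rename it, e.g. `const noHeaderSafeMethod = …` and `if (disabled || noHeaderSafeMethod) return reply.continue();`. The handler body continues past the end of this hunk, so the comparison of the submitted header is not visible here.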
