Skip to content

Latest commit

 

History

History
 
 

logging-in__csrf-tokens

logging-in-csrf-tokens

Dealing with CSRF token when trying to login

If you start this application with npm start and open localhost:7076 you will see a CSRF-protected login form login.hbs. You can login with username cypress and password password123 and get to the /dashboard view.

Login

  • Use cy.request() to get around CSRF protections.
  • Parse CSRF tokens out of HTML.
  • Parse CSRF tokens out of response headers.
  • Expose CSRF via a route.
  • Disable CSRF when not in production.

The tests in cypress/e2e/logging-in-csrf-tokens-spec.cy.js show various approaches to logging with CSRF token, utilizing cy.request to log in.

Tests

tip to start the server and run Cypress GUI use script npm run dev

Highly recommended: watch video "Organizing Tests, Logging In, Controlling State"