Added functional tests for Antiforgery related to setting no-cache he…

…aders
liubiaoyong · Nov 2, 2016 · 82b2e9c · 82b2e9c
1 parent c28ad48
commit 82b2e9c
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 0 deletions.
diff --git a/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs b/test/Microsoft.AspNetCore.Mvc.FunctionalTests/AntiforgeryTests.cs
@@ -36,6 +36,10 @@ public async Task MultipleAFTokensWithinTheSamePage_GeneratesASingleCookieToken(
             // Even though there are two forms there should only be one response cookie,
             // as for the second form, the cookie from the first token should be reused.
             Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
         }
 
         [Fact]
@@ -84,6 +88,10 @@ public async Task SetCookieAndHeaderBeforeFlushAsync_GeneratesCookieTokenAndHead
 
             var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
             Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
         }
 
         [Fact]
@@ -145,5 +153,27 @@ public async Task Antiforgery_HeaderNotSet_SendsBadRequest()
             // Assert
             Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
         }
+
+        [Fact]
+        public async Task AntiforgeryTokenGeneration_SetsDoNotCacheHeaders_OverridesExistingCachingHeaders()
+        {
+            // Arrange & Act
+            var response = await Client.GetAsync("http://localhost/Antiforgery/AntiforgeryTokenAndResponseCaching");
+
+            // Assert
+            Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+            var header = Assert.Single(response.Headers.GetValues("X-Frame-Options"));
+            Assert.Equal("SAMEORIGIN", header);
+
+            var setCookieHeader = response.Headers.GetValues("Set-Cookie").ToArray();
+
+            // Even though there are two forms there should only be one response cookie,
+            // as for the second form, the cookie from the first token should be reused.
+            Assert.Single(setCookieHeader);
+
+            Assert.True(response.Headers.CacheControl.NoCache);
+            var pragmaValue = Assert.Single(response.Headers.Pragma.ToArray());
+            Assert.Equal("no-cache", pragmaValue.Name);
+        }
     }
 }
diff --git a/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs b/test/WebSites/BasicWebSite/Controllers/AntiforgeryController.cs
@@ -56,5 +56,13 @@ public string FlushAsyncLogin(LoginViewModel model)
         {
             return "OK";
         }
+
+        [HttpGet]
+        [AllowAnonymous]
+        [ResponseCache(Duration = 60)]
+        public ActionResult AntiforgeryTokenAndResponseCaching()
+        {
+            return View();
+        }
     }
 }
diff --git a/test/WebSites/BasicWebSite/Views/Antiforgery/AntiforgeryTokenAndResponseCaching.cshtml b/test/WebSites/BasicWebSite/Views/Antiforgery/AntiforgeryTokenAndResponseCaching.cshtml
@@ -0,0 +1,13 @@
+
+@{
+    ViewData["Title"] = "Antiforgery token and response caching";
+}
+
+<h2>@ViewData["Title"]</h2>
+
+@using (Html.BeginForm("Login", "Antiforgery", FormMethod.Post, new { @class = "form-horizontal", role = "form" }))
+{
+    <label>Name</label>
+    <input type="text" name="Name" />
+    <input type="submit" />
+}