ring-clojure / ring-anti-forgery

Ring middleware to prevent CSRF attacks

Problem with Kerodon tests and 2 forms #4

Closed strika closed 9 years ago

strika commented 9 years ago

I have a problem with Kerodon tests when they go through 2 forms. This is what happens:

  1. test opens a page and there is a form with a token
  2. test clicks a link and opens another page with a form and a token
  3. test submits the form
  4. test receives an "Invalid token" response

If, however, I skip step 1 and go to the second page with a form directly, I don't get the error.

Also, I didn't notice this happening in a production environment.

Is the question more suitable for the Kerodon library?

Thanks.

weavejester commented 9 years ago

If this isn't occurring in a real environment, then it seems more likely an issue with Kerodon, or how you're using it. Are you keeping the same session?

strika commented 9 years ago

Thanks for the quick response. I believe Kerodon should keep the same session.

I'll try there. Thanks again.

strika commented 9 years ago

This is a confirmed bug in Kerodon/Peridot.