From 8330e1ea0522b3e59f39ea25e5d62eef628a6703 Mon Sep 17 00:00:00 2001 From: rcourtman Date: Wed, 12 Nov 2025 21:13:46 +0000 Subject: [PATCH] Fix API update test to send CSRF token --- tests/integration/api/update_flow_test.go | 29 ++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/tests/integration/api/update_flow_test.go b/tests/integration/api/update_flow_test.go index 836869904..e57650af3 100644 --- a/tests/integration/api/update_flow_test.go +++ b/tests/integration/api/update_flow_test.go @@ -142,7 +142,8 @@ func applyUpdate(t *testing.T, client *http.Client, baseURL, downloadURL string) resp := doJSONRequest(t, client, "POST", baseURL+"/api/updates/apply", payload) defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - t.Fatalf("apply update failed with status %s", resp.Status) + body, _ := io.ReadAll(resp.Body) + t.Fatalf("apply update failed with status %s: %s", resp.Status, string(body)) } } @@ -199,6 +200,11 @@ func doRequest(t *testing.T, client *http.Client, method, endpoint string, body if len(contentType) > 0 && contentType[0] != "" { req.Header.Set("Content-Type", contentType[0]) } + if client != nil && client.Jar != nil && methodRequiresCSRF(method) { + if token := csrfTokenForURL(client.Jar, req.URL); token != "" { + req.Header.Set("X-CSRF-Token", token) + } + } resp, err := client.Do(req) if err != nil { t.Fatalf("request %s %s failed: %v", method, endpoint, err) @@ -219,3 +225,24 @@ func getenvDefault(key, fallback string) string { } return fallback } + +func methodRequiresCSRF(method string) bool { + switch method { + case http.MethodGet, http.MethodHead, http.MethodOptions, http.MethodTrace: + return false + default: + return true + } +} + +func csrfTokenForURL(jar http.CookieJar, target *url.URL) string { + if jar == nil || target == nil { + return "" + } + for _, c := range jar.Cookies(target) { + if c.Name == "pulse_csrf" && c.Value != "" { + return c.Value + } + } + return "" +}