0
0
mirror of https://github.com/honojs/hono.git synced 2024-11-24 19:26:56 +01:00

Merge commit from fork

This commit is contained in:
Yusuke Wada 2024-10-15 17:16:47 +09:00 committed by GitHub
parent f9e6ea7382
commit aa50e0ab77
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 10 additions and 1 deletions

View File

@ -206,6 +206,15 @@ describe('CSRF by Middleware', () => {
expect(res.status).toBe(403)
expect(simplePostHandler).not.toHaveBeenCalled()
})
it('should be 403 if the content-type is not set', async () => {
const res = await app.request('/form', {
method: 'POST',
body: new Blob(['test'], {}),
})
expect(res.status).toBe(403)
expect(simplePostHandler).not.toHaveBeenCalled()
})
})
describe('with origin option', () => {

View File

@ -76,7 +76,7 @@ export const csrf = (options?: CSRFOptions): MiddlewareHandler => {
return async function csrf(c, next) {
if (
!isSafeMethodRe.test(c.req.method) &&
isRequestedByFormElementRe.test(c.req.header('content-type') || '') &&
isRequestedByFormElementRe.test(c.req.header('content-type') || 'text/plain') &&
!isAllowedOrigin(c.req.header('origin'), c)
) {
const res = new Response('Forbidden', {