next.js/test/e2e/app-dir/actions-allowed-origins/app-action-disallowed-origins.test.ts
app-action-disallowed-origins.test.ts34 lines887 B
import { nextTestSetup } from 'e2e-utils'
import { check } from 'next-test-utils'
import { join } from 'path'

describe('app-dir action disallowed origins', () => {
  const { next, skipped } = nextTestSetup({
    files: join(__dirname, 'unsafe-origins'),
    skipDeployment: true,
    dependencies: {
      'server-only': 'latest',
    },
  })

  if (skipped) {
    return
  }

  // Origin should be localhost
  it('should error if x-forwarded-host does not match the origin', async function () {
    const browser = await next.browser('/')

    await browser.elementByCss('button').click()

    await check(async () => {
      const t = await browser.elementByCss('#res').text()
      return t.includes('Invalid Server Actions request.') ||
        // In prod the message is hidden
        t.includes('https://react.dev/errors/441')
        ? 'yes'
        : 'no'
    }, 'yes')
  })
})
Quest for Codev2.0.0
/
SIGN IN