familienarchiv

Author	SHA1	Message	Date
Marcel	397fc3c7e4	test(security): add unit tests for cookies.ts CSRF utilities All checks were successful CI / Unit & Component Tests (pull_request) Successful in 3m40s Details CI / OCR Service Tests (pull_request) Successful in 22s Details CI / Backend Unit Tests (pull_request) Successful in 3m45s Details CI / fail2ban Regex (pull_request) Successful in 44s Details CI / Semgrep Security Scan (pull_request) Successful in 19s Details CI / Compose Bucket Idempotency (pull_request) Successful in 1m5s Details CI / Unit & Component Tests (push) Successful in 3m24s Details CI / OCR Service Tests (push) Successful in 22s Details CI / Backend Unit Tests (push) Successful in 3m35s Details CI / fail2ban Regex (push) Successful in 43s Details CI / Semgrep Security Scan (push) Successful in 20s Details CI / Compose Bucket Idempotency (push) Successful in 1m4s Details nightly / deploy-staging (push) Successful in 2m10s Details Covers getCsrfToken (cookie parsing, URL-decoding, server-side null), withCsrf (header injection, immutability, no-op when absent), makeCsrfFetch (method filtering, case-insensitivity, inner-vs-global), and csrfFetch (regression guard: vi.stubGlobal is honoured at call time, not bypassed by a module-level captured reference). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-30 11:55:55 +02:00