From f74c7910b72f41f4a72d8b6b1a683fcf9fbb244e Mon Sep 17 00:00:00 2001 From: Matthew Somerville Date: Tue, 5 Jul 2016 13:09:18 +0100 Subject: Fix CSRF issue with new login during process. If you had no session cookie, started reporting a problem, logged in through that process, you would then get a CSRF error as the token had been created before the session was. --- t/app/controller/report_new.t | 1 + 1 file changed, 1 insertion(+) (limited to 't/app/controller/report_new.t') diff --git a/t/app/controller/report_new.t b/t/app/controller/report_new.t index eb29d37da..ba550193e 100644 --- a/t/app/controller/report_new.t +++ b/t/app/controller/report_new.t @@ -701,6 +701,7 @@ subtest "test password errors for a user who is signing in as they report" => su subtest "test report creation for a user who is signing in as they report" => sub { $mech->log_out_ok; + $mech->cookie_jar({}); $mech->clear_emails_ok; # check that the user does not exist -- cgit v1.2.3