furyhawk/deer-flow
1
0
Fork 0
mirror of https://github.com/bytedance/deer-flow.git synced 2026-06-11 01:45:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Align IM connections with local channels

Browse Source
This commit is contained in:
taohe
2026-06-10 22:16:47 +08:00
parent 92c185b90d
commit d06643d8a2
33 changed files with 588 additions and 1536 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/tests/test_csrf_middleware.py
+5 -8
View File
@@ -22,10 +22,6 @@ def _make_app() -> FastAPI:
async def protected_mutation():
return {"ok": True}
@app.post("/api/channels/webhooks/slack/events")
async def slack_events_webhook():
return {"ok": True}
return app
@@ -239,12 +235,13 @@ def test_non_auth_mutation_rejects_mismatched_double_submit_token():
assert response.json()["detail"] == "CSRF token mismatch."
def test_channel_webhook_post_skips_double_submit_csrf():
def test_channel_posts_require_double_submit_csrf():
client = TestClient(_make_app(), base_url="https://deerflow.example")
response = client.post(
"/api/channels/webhooks/slack/events",
headers={"Origin": "https://slack.com"},
"/api/channels/slack/connect",
headers={"Origin": "https://deerflow.example"},
)
assert response.status_code == 200
assert response.status_code == 403
assert response.json()["detail"] == "CSRF token missing. Include X-CSRF-Token header."