feat(security): implement CSRF protection
This commit is contained in:
AdrianAcala
+27
-17
@@ -17,49 +17,56 @@ const BACKEND_URL = process.env.API_URL || `http://localhost:${BACKEND_PORT}`;
|
||||
*/
|
||||
export default defineConfig({
|
||||
testDir: "./tests",
|
||||
|
||||
|
||||
// Run tests in parallel
|
||||
fullyParallel: true,
|
||||
|
||||
|
||||
// Fail the build on test.only() in CI
|
||||
forbidOnly: !!process.env.CI,
|
||||
|
||||
|
||||
// Retry on CI only
|
||||
retries: process.env.CI ? 2 : 0,
|
||||
|
||||
|
||||
// Limit parallel workers in CI
|
||||
workers: process.env.CI ? 1 : undefined,
|
||||
|
||||
|
||||
// Reporter configuration
|
||||
reporter: [
|
||||
["list"],
|
||||
["html", { outputFolder: "playwright-report" }],
|
||||
[
|
||||
"html",
|
||||
{
|
||||
// Useful when a previous Docker run produced root-owned artifacts.
|
||||
// Allows local runs to redirect output without editing the config.
|
||||
outputFolder: process.env.PLAYWRIGHT_REPORT_DIR || "playwright-report",
|
||||
},
|
||||
],
|
||||
],
|
||||
|
||||
|
||||
// Output folder for test artifacts
|
||||
outputDir: "test-results",
|
||||
|
||||
outputDir: process.env.PLAYWRIGHT_OUTPUT_DIR || "test-results",
|
||||
|
||||
// Global timeout for each test
|
||||
timeout: 60000,
|
||||
|
||||
|
||||
// Expect timeout
|
||||
expect: {
|
||||
timeout: 10000,
|
||||
},
|
||||
|
||||
|
||||
use: {
|
||||
// Base URL for page.goto()
|
||||
baseURL: FRONTEND_URL,
|
||||
|
||||
|
||||
// Collect trace on first retry
|
||||
trace: "on-first-retry",
|
||||
|
||||
|
||||
// Screenshot on failure
|
||||
screenshot: "only-on-failure",
|
||||
|
||||
|
||||
// Video on failure
|
||||
video: "on-first-retry",
|
||||
|
||||
|
||||
// Headed mode based on env var
|
||||
headless: process.env.HEADED !== "true",
|
||||
},
|
||||
@@ -67,7 +74,7 @@ export default defineConfig({
|
||||
projects: [
|
||||
{
|
||||
name: "chromium",
|
||||
use: {
|
||||
use: {
|
||||
...devices["Desktop Chrome"],
|
||||
// Viewport for consistent screenshots
|
||||
viewport: { width: 1280, height: 720 },
|
||||
@@ -85,8 +92,11 @@ export default defineConfig({
|
||||
stdout: "pipe",
|
||||
stderr: "pipe",
|
||||
env: {
|
||||
DATABASE_URL: "file:./prisma/dev.db",
|
||||
// Prisma resolves relative SQLite paths from the schema directory (backend/prisma).
|
||||
// Using `file:./dev.db` avoids accidentally creating `prisma/prisma/dev.db`.
|
||||
DATABASE_URL: "file:./dev.db",
|
||||
FRONTEND_URL,
|
||||
CSRF_MAX_REQUESTS: "1000",
|
||||
},
|
||||
},
|
||||
{
|
||||
|
||||
Reference in New Issue
Block a user