function FormTest::testGetFormsCsrfToken

CSRF tokens for GET forms should not be added by default.

File

core/modules/system/tests/src/Functional/Form/FormTest.php, line 334

Class

FormTest
Tests various form element validation mechanisms.

Namespace

Drupal\Tests\system\Functional\Form

Code

public function testGetFormsCsrfToken() : void {
  // We need to be logged in to have CSRF tokens.
  $account = $this->createUser();
  $this->drupalLogin($account);
  $this->drupalGet(Url::fromRoute('form_test.get_form'));
  $this->assertSession()
    ->responseNotContains('form_token');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.