From c9846bc0539025dad19ff8794eef557e0ddb14b3 Mon Sep 17 00:00:00 2001
From: Guy Korland
Date: Sat, 28 Feb 2026 01:08:00 +0200
Subject: [PATCH] fix(e2e): read CSRF token from storageState cookies before seeding

When the Playwright request fixture loads storageState (from auth setup), the csrf_token cookie is already present. The server's _ensure_csrf_cookie skips setting a new Set-Cookie when the cookie already exists in the request. This caused getCsrfToken() to return undefined, so all POST/DELETE API calls in E2E tests failed with 'CSRF token missing or invalid'. Fix: check the context's storageState for an existing csrf_token cookie before falling back to the seed GET request. Fixes CI Playwright test failures for database connection and chat tests.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 e2e/infra/api/apiRequests.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/e2e/infra/api/apiRequests.ts b/e2e/infra/api/apiRequests.ts
index ef0e8bd0..144745f8 100644
--- a/e2e/infra/api/apiRequests.ts
+++ b/e2e/infra/api/apiRequests.ts
@@ -24,11 +24,24 @@ const csrfCache = new WeakMap();
 /**
 * Seed the CSRF cookie on the given request context by making a lightweight
 * GET (only on the first call), then return the cached token value.
+ *
+ * When the context already carries the csrf_token cookie (e.g. loaded from
+ * storageState), the server won't emit a new Set-Cookie header. In that
+ * case we read the token directly from the context's stored cookies.
 */
 async function getCsrfToken(baseUrl: string, ctx: APIRequestContext): Promise {
 const cached = csrfCache.get(ctx);
 if (cached) return cached;
 
+ // Check if the csrf_token cookie already exists in the context (from storageState)
+ const state = await ctx.storageState();
+ const existingCookie = state.cookies.find(c => c.name === 'csrf_token');
+ if (existingCookie) {
+ csrfCache.set(ctx, existingCookie.value);
+ return existingCookie.value;
+ }
+
+ // No existing cookie — seed it with a lightweight GET request
 const seedResp = await ctx.get(`${baseUrl}/auth-status`);
 const setCookies = seedResp.headersArray()
 .filter(h => h.name.toLowerCase() === 'set-cookie')
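Review bot: The new lookup `state.cookies.find(c => c.name === 'csrf_token')` matches on name only, so a storageState that holds cookies for more than one host, or an entry with an empty value, can return a token that is not the cookie the context will actually send to `baseUrl`. If the server checks the header against the cookie it receives, which the 'CSRF token missing or invalid' error in the description suggests, that brings back the same failure in a form that is harder to diagnose, and the wrong value is then cached for the life of the context. Scope the match to the target host and require a value, e.g. `const host = new URL(baseUrl).hostname;` and a predicate of `c.name === 'csrf_token' && c.value !== '' && (host === c.domain.replace(/^\./, '') || host.endsWith('.' + c.domain.replace(/^\./, '')))`. getCsrfToken's body continues past the end of this hunk, so how the seeded path parses Set-Cookie is not visible here.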