From 37a42dc40855fda87343099755613e1ab9b599bf Mon Sep 17 00:00:00 2001
From: Audrius Butkevicius <audrius.butkevicius@gmail.com>
Date: Tue, 30 Jun 2015 19:38:27 +0100
Subject: [PATCH] Fix CSRF tests (fixes #2009)

---
 test/http_test.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/test/http_test.go b/test/http_test.go
index e4fa3d3f..a9888f55 100644
--- a/test/http_test.go
+++ b/test/http_test.go
@@ -204,6 +204,7 @@ func TestPOSTWithoutCSRF(t *testing.T) {
 	}
 	res.Body.Close()
 	hdr := res.Header.Get("Set-Cookie")
+	id := res.Header.Get("X-Syncthing-ID")[:5]
 	if !strings.Contains(hdr, "CSRF-Token") {
 		t.Error("Missing CSRF-Token in", hdr)
 	}
@@ -214,7 +215,8 @@ func TestPOSTWithoutCSRF(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	req.Header.Set("X-CSRF-Token", hdr[len("CSRF-Token="):])
+
+	req.Header.Set("X-CSRF-Token-"+id, hdr[len("CSRF-Token-"+id+"="):])
 	res, err = http.DefaultClient.Do(req)
 	if err != nil {
 		t.Fatal(err)
@@ -230,7 +232,7 @@ func TestPOSTWithoutCSRF(t *testing.T) {
 	if err != nil {
 		t.Fatal(err)
 	}
-	req.Header.Set("X-CSRF-Token", hdr[len("CSRF-Token="):]+"X")
+	req.Header.Set("X-CSRF-Token-"+id, hdr[len("CSRF-Token-"+id+"="):]+"X")
 	res, err = http.DefaultClient.Do(req)
 	if err != nil {
 		t.Fatal(err)