diff options
| author | Andrei Belov <defan@nginx.com> | 2020-11-19 21:19:57 +0300 |
|---|---|---|
| committer | Andrei Belov <defan@nginx.com> | 2020-11-19 21:19:57 +0300 |
| commit | 7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c (patch) | |
| tree | c79dc48a3260156f3f824ecd299e5a4934d749c5 /test/test_http_header.py | |
| parent | 646d047e5d12515ceac02279b373601ce0752982 (diff) | |
| parent | 806a9b2515c60b12a68cd97af04f7fa5cb4dffed (diff) | |
| download | unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.gz unit-7f9079a3cd4cdb6ac3fea53f10bd34fe8b82fe9c.tar.bz2 | |
Merged with the default branch.1.21.0-1
Diffstat (limited to 'test/test_http_header.py')
| -rw-r--r-- | test/test_http_header.py | 114 |
1 files changed, 78 insertions, 36 deletions
diff --git a/test/test_http_header.py b/test/test_http_header.py index 8381a0d9..fdb557cf 100644 --- a/test/test_http_header.py +++ b/test/test_http_header.py @@ -154,54 +154,58 @@ Connection: close def test_http_header_field_leading_sp(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - ' Custom-Header': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field leading sp' + assert ( + self.get( + headers={ + 'Host': 'localhost', + ' Custom-Header': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field leading sp' def test_http_header_field_leading_htab(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - '\tCustom-Header': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field leading htab' + assert ( + self.get( + headers={ + 'Host': 'localhost', + '\tCustom-Header': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field leading htab' def test_http_header_field_trailing_sp(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - 'Custom-Header ': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field trailing sp' + assert ( + self.get( + headers={ + 'Host': 'localhost', + 'Custom-Header ': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field trailing sp' def test_http_header_field_trailing_htab(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - 'Custom-Header\t': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field trailing htab' + assert ( + self.get( + headers={ + 'Host': 'localhost', + 'Custom-Header\t': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field trailing htab' def test_http_header_content_length_big(self): self.load('empty') @@ -427,3 +431,41 @@ Connection: close )['status'] == 400 ), 'Host multiple fields' + + def test_http_discard_unsafe_fields(self): + self.load('header_fields') + + def check_status(header): + resp = self.get( + headers={ + 'Host': 'localhost', + header: 'blah', + 'Connection': 'close', + } + ) + + assert resp['status'] == 200 + return resp + + resp = check_status("!Custom-Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] + + resp = check_status("Custom_Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] + + assert 'success' in self.conf( + {'http': {'discard_unsafe_fields': False}}, 'settings', + ) + + resp = check_status("!#$%&'*+.^`|~Custom_Header") + assert 'CUSTOM' in resp['headers']['All-Headers'] + + assert 'success' in self.conf( + {'http': {'discard_unsafe_fields': True}}, 'settings', + ) + + resp = check_status("!Custom-Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] + + resp = check_status("Custom_Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] |