summaryrefslogtreecommitdiffhomepage
path: root/test/test_http_header.py
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--test/test_http_header.py114
1 files changed, 78 insertions, 36 deletions
diff --git a/test/test_http_header.py b/test/test_http_header.py
index 8381a0d9..fdb557cf 100644
--- a/test/test_http_header.py
+++ b/test/test_http_header.py
@@ -154,54 +154,58 @@ Connection: close
def test_http_header_field_leading_sp(self):
self.load('empty')
- resp = self.get(
- headers={
- 'Host': 'localhost',
- ' Custom-Header': 'blah',
- 'Connection': 'close',
- }
- )
-
- assert resp['status'] == 400, 'field leading sp'
+ assert (
+ self.get(
+ headers={
+ 'Host': 'localhost',
+ ' Custom-Header': 'blah',
+ 'Connection': 'close',
+ }
+ )['status']
+ == 400
+ ), 'field leading sp'
def test_http_header_field_leading_htab(self):
self.load('empty')
- resp = self.get(
- headers={
- 'Host': 'localhost',
- '\tCustom-Header': 'blah',
- 'Connection': 'close',
- }
- )
-
- assert resp['status'] == 400, 'field leading htab'
+ assert (
+ self.get(
+ headers={
+ 'Host': 'localhost',
+ '\tCustom-Header': 'blah',
+ 'Connection': 'close',
+ }
+ )['status']
+ == 400
+ ), 'field leading htab'
def test_http_header_field_trailing_sp(self):
self.load('empty')
- resp = self.get(
- headers={
- 'Host': 'localhost',
- 'Custom-Header ': 'blah',
- 'Connection': 'close',
- }
- )
-
- assert resp['status'] == 400, 'field trailing sp'
+ assert (
+ self.get(
+ headers={
+ 'Host': 'localhost',
+ 'Custom-Header ': 'blah',
+ 'Connection': 'close',
+ }
+ )['status']
+ == 400
+ ), 'field trailing sp'
def test_http_header_field_trailing_htab(self):
self.load('empty')
- resp = self.get(
- headers={
- 'Host': 'localhost',
- 'Custom-Header\t': 'blah',
- 'Connection': 'close',
- }
- )
-
- assert resp['status'] == 400, 'field trailing htab'
+ assert (
+ self.get(
+ headers={
+ 'Host': 'localhost',
+ 'Custom-Header\t': 'blah',
+ 'Connection': 'close',
+ }
+ )['status']
+ == 400
+ ), 'field trailing htab'
def test_http_header_content_length_big(self):
self.load('empty')
@@ -427,3 +431,41 @@ Connection: close
)['status']
== 400
), 'Host multiple fields'
+
+ def test_http_discard_unsafe_fields(self):
+ self.load('header_fields')
+
+ def check_status(header):
+ resp = self.get(
+ headers={
+ 'Host': 'localhost',
+ header: 'blah',
+ 'Connection': 'close',
+ }
+ )
+
+ assert resp['status'] == 200
+ return resp
+
+ resp = check_status("!Custom-Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+ resp = check_status("Custom_Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+ assert 'success' in self.conf(
+ {'http': {'discard_unsafe_fields': False}}, 'settings',
+ )
+
+ resp = check_status("!#$%&'*+.^`|~Custom_Header")
+ assert 'CUSTOM' in resp['headers']['All-Headers']
+
+ assert 'success' in self.conf(
+ {'http': {'discard_unsafe_fields': True}}, 'settings',
+ )
+
+ resp = check_status("!Custom-Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+ resp = check_status("Custom_Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']