diff options
Diffstat (limited to 'test/test_http_header.py')
-rw-r--r-- | test/test_http_header.py | 114 |
1 files changed, 78 insertions, 36 deletions
diff --git a/test/test_http_header.py b/test/test_http_header.py index 8381a0d9..fdb557cf 100644 --- a/test/test_http_header.py +++ b/test/test_http_header.py @@ -154,54 +154,58 @@ Connection: close def test_http_header_field_leading_sp(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - ' Custom-Header': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field leading sp' + assert ( + self.get( + headers={ + 'Host': 'localhost', + ' Custom-Header': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field leading sp' def test_http_header_field_leading_htab(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - '\tCustom-Header': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field leading htab' + assert ( + self.get( + headers={ + 'Host': 'localhost', + '\tCustom-Header': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field leading htab' def test_http_header_field_trailing_sp(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - 'Custom-Header ': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field trailing sp' + assert ( + self.get( + headers={ + 'Host': 'localhost', + 'Custom-Header ': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field trailing sp' def test_http_header_field_trailing_htab(self): self.load('empty') - resp = self.get( - headers={ - 'Host': 'localhost', - 'Custom-Header\t': 'blah', - 'Connection': 'close', - } - ) - - assert resp['status'] == 400, 'field trailing htab' + assert ( + self.get( + headers={ + 'Host': 'localhost', + 'Custom-Header\t': 'blah', + 'Connection': 'close', + } + )['status'] + == 400 + ), 'field trailing htab' def test_http_header_content_length_big(self): self.load('empty') @@ -427,3 +431,41 @@ Connection: close )['status'] == 400 ), 'Host multiple fields' + + def test_http_discard_unsafe_fields(self): + self.load('header_fields') + + def check_status(header): + resp = self.get( + headers={ + 'Host': 'localhost', + header: 'blah', + 'Connection': 'close', + } + ) + + assert resp['status'] == 200 + return resp + + resp = check_status("!Custom-Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] + + resp = check_status("Custom_Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] + + assert 'success' in self.conf( + {'http': {'discard_unsafe_fields': False}}, 'settings', + ) + + resp = check_status("!#$%&'*+.^`|~Custom_Header") + assert 'CUSTOM' in resp['headers']['All-Headers'] + + assert 'success' in self.conf( + {'http': {'discard_unsafe_fields': True}}, 'settings', + ) + + resp = check_status("!Custom-Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] + + resp = check_status("Custom_Header") + assert 'CUSTOM' not in resp['headers']['All-Headers'] |