summaryrefslogtreecommitdiffhomepage
path: root/test/test_http_header.py
diff options
context:
space:
mode:
Diffstat (limited to 'test/test_http_header.py')
-rw-r--r--test/test_http_header.py38
1 files changed, 38 insertions, 0 deletions
diff --git a/test/test_http_header.py b/test/test_http_header.py
index b1c77066..fdb557cf 100644
--- a/test/test_http_header.py
+++ b/test/test_http_header.py
@@ -431,3 +431,41 @@ Connection: close
)['status']
== 400
), 'Host multiple fields'
+
+ def test_http_discard_unsafe_fields(self):
+ self.load('header_fields')
+
+ def check_status(header):
+ resp = self.get(
+ headers={
+ 'Host': 'localhost',
+ header: 'blah',
+ 'Connection': 'close',
+ }
+ )
+
+ assert resp['status'] == 200
+ return resp
+
+ resp = check_status("!Custom-Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+ resp = check_status("Custom_Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+ assert 'success' in self.conf(
+ {'http': {'discard_unsafe_fields': False}}, 'settings',
+ )
+
+ resp = check_status("!#$%&'*+.^`|~Custom_Header")
+ assert 'CUSTOM' in resp['headers']['All-Headers']
+
+ assert 'success' in self.conf(
+ {'http': {'discard_unsafe_fields': True}}, 'settings',
+ )
+
+ resp = check_status("!Custom-Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+ resp = check_status("Custom_Header")
+ assert 'CUSTOM' not in resp['headers']['All-Headers']
generated by cgit (git 2.34.1) at 2024-11-18 20:45:21 +0000