Tests: added tests for a "discard_unsafe_fields" option.

2020-11-19 05:21:48 +00:00
parent e154d7a3a2
commit 18ddb74772
2 changed files with 47 additions and 0 deletions
--- a/test/python/header_fields/wsgi.py
+++ b/test/python/header_fields/wsgi.py
@@ -0,0 +1,9 @@
+def application(environ, start_response):
+
+    h = (k for k, v in environ.items() if k.startswith('HTTP_'))
+
+    start_response('200', [
+        ('Content-Length', '0'),
+        ('All-Headers', ','.join(h))
+    ])
+    return []
--- a/test/test_http_header.py
+++ b/test/test_http_header.py
@@ -431,3 +431,41 @@ Connection: close
            )['status']
            == 400
        ), 'Host multiple fields'
+
+    def test_http_discard_unsafe_fields(self):
+        self.load('header_fields')
+
+        def check_status(header):
+            resp = self.get(
+                headers={
+                    'Host': 'localhost',
+                    header: 'blah',
+                    'Connection': 'close',
+                }
+            )
+
+            assert resp['status'] == 200
+            return resp
+
+        resp = check_status("!Custom-Header")
+        assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+        resp = check_status("Custom_Header")
+        assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+        assert 'success' in self.conf(
+            {'http': {'discard_unsafe_fields': False}}, 'settings',
+        )
+
+        resp = check_status("!#$%&'*+.^`|~Custom_Header")
+        assert 'CUSTOM' in resp['headers']['All-Headers']
+
+        assert 'success' in self.conf(
+            {'http': {'discard_unsafe_fields': True}}, 'settings',
+        )
+
+        resp = check_status("!Custom-Header")
+        assert 'CUSTOM' not in resp['headers']['All-Headers']
+
+        resp = check_status("Custom_Header")
+        assert 'CUSTOM' not in resp['headers']['All-Headers']