package headers
import (
"net/http"
"net/http/httptest"
"testing"
"github.com/stretchr/testify/assert"
"github.com/traefik/traefik/v3/pkg/config/dynamic"
)
// Middleware tests based on https://github.com/unrolled/secure
// Test_newSecure_modifyResponse checks, one option at a time, which response
// header newSecure produces for a given dynamic.Headers configuration.
//
// Every case compares the complete header set of the recorded response with
// the expectation, so an unexpected extra security header fails a case just
// as a missing one does.
func Test_newSecure_modifyResponse(t *testing.T) {
	type headerCase struct {
		desc     string
		cfg      dynamic.Headers
		expected http.Header
	}

	cases := []headerCase{
		{
			// The configured value ends with a comma and the expectation
			// repeats it byte for byte: for this input the policy string is
			// expected to reach the client unmodified.
			desc:     "PermissionsPolicy",
			cfg:      dynamic.Headers{PermissionsPolicy: "microphone=(),"},
			expected: http.Header{"Permissions-Policy": {"microphone=(),"}},
		},
		{
			// Both STS cases set ForceSTSHeader. The request used below is
			// built from the bare path "/foo", so it carries no TLS state.
			// NOTE(review): presumably the header would be withheld on such
			// a request without the force flag; confirm against newSecure.
			desc:     "STSSeconds",
			cfg:      dynamic.Headers{STSSeconds: 1, ForceSTSHeader: true},
			expected: http.Header{"Strict-Transport-Security": {"max-age=1"}},
		},
		{
			desc:     "STSSeconds and STSPreload",
			cfg:      dynamic.Headers{STSSeconds: 1, ForceSTSHeader: true, STSPreload: true},
			expected: http.Header{"Strict-Transport-Security": {"max-age=1; preload"}},
		},
		{
			// "foo" is not an X-Frame-Options directive; the expectation
			// shows the custom value is emitted as given rather than being
			// validated, so correctness of the value rests with the operator.
			desc:     "CustomFrameOptionsValue",
			cfg:      dynamic.Headers{CustomFrameOptionsValue: "foo"},
			expected: http.Header{"X-Frame-Options": {"foo"}},
		},
		{
			desc:     "FrameDeny",
			cfg:      dynamic.Headers{FrameDeny: true},
			expected: http.Header{"X-Frame-Options": {"DENY"}},
		},
		{
			desc:     "ContentTypeNosniff",
			cfg:      dynamic.Headers{ContentTypeNosniff: true},
			expected: http.Header{"X-Content-Type-Options": {"nosniff"}},
		},
	}

	// The wrapped handler only writes a 200 status and sets no headers of its
	// own, so whatever the recorder captures was added by the middleware.
	next := http.HandlerFunc(func(rw http.ResponseWriter, _ *http.Request) {
		rw.WriteHeader(http.StatusOK)
	})

	for _, tc := range cases {
		// Per-iteration copy so each parallel subtest closure keeps its own
		// case (required before Go 1.22).
		tc := tc

		t.Run(tc.desc, func(t *testing.T) {
			t.Parallel()

			req := httptest.NewRequest(http.MethodGet, "/foo", nil)
			recorder := httptest.NewRecorder()

			newSecure(next, tc.cfg, "mymiddleware").ServeHTTP(recorder, req)

			assert.Equal(t, tc.expected, recorder.Result().Header)
		})
	}
}