package headers
// Middleware tests based on https://github.com/unrolled/secure
import (
"context"
"net/http"
"net/http/httptest"
"testing"
"github.com/containous/traefik/v2/pkg/config/dynamic"
"github.com/containous/traefik/v2/pkg/testhelpers"
"github.com/containous/traefik/v2/pkg/tracing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestCustomRequestHeader checks that a value configured under
// CustomRequestHeaders is present on the request after it has passed through
// the header middleware.
func TestCustomRequestHeader(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	cfg := dynamic.Headers{
		CustomRequestHeaders: map[string]string{
			"X-Custom-Request-Header": "test_request",
		},
	}
	mw := NewHeader(noop, cfg)

	rec := httptest.NewRecorder()
	req := testhelpers.MustNewRequest(http.MethodGet, "/foo", nil)

	mw.ServeHTTP(rec, req)

	assert.Equal(t, http.StatusOK, rec.Code)
	// The assertion reads the same request object that was handed to the
	// middleware, so it observes whatever the middleware wrote onto it.
	assert.Equal(t, "test_request", req.Header.Get("X-Custom-Request-Header"))
}
// TestCustomRequestHeader_Host checks how a "Host" entry in
// CustomRequestHeaders is applied: the expected values below require it to end
// up in req.Host, while req.URL.Host keeps the host the request was built with.
func TestCustomRequestHeader_Host(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	type hostCase struct {
		desc            string
		customHeaders   map[string]string
		expectedHost    string
		expectedURLHost string
	}

	cases := []hostCase{
		{
			// No override configured: both views of the host stay as requested.
			desc:            "standard Host header",
			customHeaders:   map[string]string{},
			expectedHost:    "example.org",
			expectedURLHost: "example.org",
		},
		{
			// Override configured: only req.Host is expected to change.
			desc: "custom Host header",
			customHeaders: map[string]string{
				"Host": "example.com",
			},
			expectedHost:    "example.com",
			expectedURLHost: "example.org",
		},
	}

	for _, tc := range cases {
		t.Run(tc.desc, func(t *testing.T) {
			mw := NewHeader(noop, dynamic.Headers{
				CustomRequestHeaders: tc.customHeaders,
			})

			rec := httptest.NewRecorder()
			req, err := http.NewRequest(http.MethodGet, "http://example.org/foo", nil)
			require.NoError(t, err)

			mw.ServeHTTP(rec, req)

			assert.Equal(t, http.StatusOK, rec.Code)
			assert.Equal(t, tc.expectedHost, req.Host)
			assert.Equal(t, tc.expectedURLHost, req.URL.Host)
		})
	}
}
// TestCustomRequestHeaderEmptyValue runs the same request through two
// middlewares in turn: the first sets X-Custom-Request-Header, the second is
// configured with an empty value for it, after which the header must read as
// empty.
func TestCustomRequestHeaderEmptyValue(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	setter := NewHeader(noop, dynamic.Headers{
		CustomRequestHeaders: map[string]string{
			"X-Custom-Request-Header": "test_request",
		},
	})

	// The recorder and the request are shared by both passes on purpose: the
	// second pass has to act on the header written by the first.
	rec := httptest.NewRecorder()
	req := testhelpers.MustNewRequest(http.MethodGet, "/foo", nil)

	setter.ServeHTTP(rec, req)

	assert.Equal(t, http.StatusOK, rec.Code)
	assert.Equal(t, "test_request", req.Header.Get("X-Custom-Request-Header"))

	clearer := NewHeader(noop, dynamic.Headers{
		CustomRequestHeaders: map[string]string{
			"X-Custom-Request-Header": "",
		},
	})

	clearer.ServeHTTP(rec, req)

	assert.Equal(t, http.StatusOK, rec.Code)
	// NOTE(review): Header.Get returns "" both for an absent header and for a
	// header whose value is empty, so this assertion does not tell the two apart.
	assert.Equal(t, "", req.Header.Get("X-Custom-Request-Header"))
}
// TestSecureHeader exercises the AllowedHosts allow-list: a request whose Host
// is on the list must pass, while a missing or unlisted Host must be refused.
// The refusal is pinned to 500 Internal Server Error by the expectations below.
func TestSecureHeader(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	// One middleware instance is built up front and shared by all subtests.
	mw, err := New(context.Background(), noop, dynamic.Headers{
		AllowedHosts: []string{"foo.com", "bar.com"},
	}, "foo")
	require.NoError(t, err)

	type hostCase struct {
		desc     string
		fromHost string
		expected int
	}

	cases := []hostCase{
		{
			desc:     "Should accept the request when given a host that is in the list",
			fromHost: "foo.com",
			expected: http.StatusOK,
		},
		{
			desc:     "Should refuse the request when no host is given",
			fromHost: "",
			expected: http.StatusInternalServerError,
		},
		{
			desc:     "Should refuse the request when no matching host is given",
			fromHost: "boo.com",
			expected: http.StatusInternalServerError,
		},
	}

	for _, tc := range cases {
		// Re-bind per iteration: the subtests run in parallel and must not
		// share the loop variable.
		tc := tc
		t.Run(tc.desc, func(t *testing.T) {
			t.Parallel()

			rec := httptest.NewRecorder()
			req := testhelpers.MustNewRequest(http.MethodGet, "/foo", nil)
			req.Host = tc.fromHost

			mw.ServeHTTP(rec, req)

			assert.Equal(t, tc.expected, rec.Code)
		})
	}
}
// TestSSLForceHost checks the status code returned for http/https requests to
// the configured SSLHost and to a sub domain of it, with SSLForceHost switched
// on and off. SSLRedirect is enabled in every case.
//
// NOTE(review): only the status code is asserted; the Location header of the
// 301 responses is not checked by this test.
func TestSSLForceHost(t *testing.T) {
	next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
		_, _ = rw.Write([]byte("OK"))
	})

	// secureWith builds a fresh secure middleware per test case; the cases
	// differ only in the SSLForceHost flag.
	secureWith := func(forceHost bool) *secureHeader {
		return newSecure(next, dynamic.Headers{
			SSLRedirect:  true,
			SSLForceHost: forceHost,
			SSLHost:      "powpow.example.com",
		})
	}

	// The host field carries the full request URL, scheme included.
	cases := []struct {
		desc             string
		host             string
		secureMiddleware *secureHeader
		expected         int
	}{
		{
			desc:             "http should return a 301",
			host:             "http://powpow.example.com",
			secureMiddleware: secureWith(true),
			expected:         http.StatusMovedPermanently,
		},
		{
			desc:             "http sub domain should return a 301",
			host:             "http://www.powpow.example.com",
			secureMiddleware: secureWith(true),
			expected:         http.StatusMovedPermanently,
		},
		{
			desc:             "https should return a 200",
			host:             "https://powpow.example.com",
			secureMiddleware: secureWith(true),
			expected:         http.StatusOK,
		},
		{
			// Already https, but on a host other than SSLHost: with
			// SSLForceHost on, a redirect is still expected.
			desc:             "https sub domain should return a 301",
			host:             "https://www.powpow.example.com",
			secureMiddleware: secureWith(true),
			expected:         http.StatusMovedPermanently,
		},
		{
			desc:             "http without force host and sub domain should return a 301",
			host:             "http://www.powpow.example.com",
			secureMiddleware: secureWith(false),
			expected:         http.StatusMovedPermanently,
		},
		{
			// Same request as the forced sub-domain case above, but with
			// SSLForceHost off the request is expected to pass through.
			desc:             "https without force host and sub domain should return a 200",
			host:             "https://www.powpow.example.com",
			secureMiddleware: secureWith(false),
			expected:         http.StatusOK,
		},
	}

	for _, tc := range cases {
		t.Run(tc.desc, func(t *testing.T) {
			req := testhelpers.MustNewRequest(http.MethodGet, tc.host, nil)

			rec := httptest.NewRecorder()
			tc.secureMiddleware.ServeHTTP(rec, req)

			assert.Equal(t, tc.expected, rec.Result().StatusCode)
		})
	}
}
// TestCORSPreflights sends OPTIONS requests carrying CORS preflight headers
// through the header middleware and compares the complete set of response
// headers with the expected Access-Control-* values.
func TestCORSPreflights(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	type preflightCase struct {
		desc           string
		header         *Header
		requestHeaders http.Header
		expected       http.Header
	}

	cases := []preflightCase{
		{
			desc: "Test Simple Preflight",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowMethods:    []string{"GET", "OPTIONS", "PUT"},
				AccessControlAllowOriginList: []string{"https://foo.bar.org"},
				AccessControlMaxAge:          600,
			}),
			requestHeaders: http.Header{
				"Access-Control-Request-Headers": {"origin"},
				"Access-Control-Request-Method":  {"GET", "OPTIONS"},
				"Origin":                         {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin":  {"https://foo.bar.org"},
				"Access-Control-Max-Age":       {"600"},
				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
			},
		},
		{
			desc: "Wildcard origin Preflight",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowMethods:    []string{"GET", "OPTIONS", "PUT"},
				AccessControlAllowOriginList: []string{"*"},
				AccessControlMaxAge:          600,
			}),
			requestHeaders: http.Header{
				"Access-Control-Request-Headers": {"origin"},
				"Access-Control-Request-Method":  {"GET", "OPTIONS"},
				"Origin":                         {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin":  {"*"},
				"Access-Control-Max-Age":       {"600"},
				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
			},
		},
		{
			// NOTE(review): browsers reject a credentialed response whose
			// Access-Control-Allow-Origin is "*", so this case pins the header
			// values the middleware emits rather than a combination a browser
			// will honour.
			desc: "Allow Credentials Preflight",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowMethods:     []string{"GET", "OPTIONS", "PUT"},
				AccessControlAllowOriginList:  []string{"*"},
				AccessControlAllowCredentials: true,
				AccessControlMaxAge:           600,
			}),
			requestHeaders: http.Header{
				"Access-Control-Request-Headers": {"origin"},
				"Access-Control-Request-Method":  {"GET", "OPTIONS"},
				"Origin":                         {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin":      {"*"},
				"Access-Control-Max-Age":           {"600"},
				"Access-Control-Allow-Methods":     {"GET,OPTIONS,PUT"},
				"Access-Control-Allow-Credentials": {"true"},
			},
		},
		{
			desc: "Allow Headers Preflight",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowMethods:    []string{"GET", "OPTIONS", "PUT"},
				AccessControlAllowOriginList: []string{"*"},
				AccessControlAllowHeaders:    []string{"origin", "X-Forwarded-For"},
				AccessControlMaxAge:          600,
			}),
			requestHeaders: http.Header{
				"Access-Control-Request-Headers": {"origin"},
				"Access-Control-Request-Method":  {"GET", "OPTIONS"},
				"Origin":                         {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin":  {"*"},
				"Access-Control-Max-Age":       {"600"},
				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
				"Access-Control-Allow-Headers": {"origin,X-Forwarded-For"},
			},
		},
		{
			// Same configuration as the previous case, but the request omits
			// Access-Control-Request-Headers; the expected response is unchanged.
			desc: "No Request Headers Preflight",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowMethods:    []string{"GET", "OPTIONS", "PUT"},
				AccessControlAllowOriginList: []string{"*"},
				AccessControlAllowHeaders:    []string{"origin", "X-Forwarded-For"},
				AccessControlMaxAge:          600,
			}),
			requestHeaders: http.Header{
				"Access-Control-Request-Method": {"GET", "OPTIONS"},
				"Origin":                        {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin":  {"*"},
				"Access-Control-Max-Age":       {"600"},
				"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
				"Access-Control-Allow-Headers": {"origin,X-Forwarded-For"},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.desc, func(t *testing.T) {
			req := testhelpers.MustNewRequest(http.MethodOptions, "/foo", nil)
			req.Header = tc.requestHeaders

			rec := httptest.NewRecorder()
			tc.header.ServeHTTP(rec, req)

			// Whole-map comparison: any extra response header fails the case.
			assert.Equal(t, tc.expected, rec.Result().Header)
		})
	}
}
// TestEmptyHeaderObject checks that New returns an error when it is given an
// empty dynamic.Headers configuration.
func TestEmptyHeaderObject(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	_, err := New(context.Background(), noop, dynamic.Headers{}, "testing")

	// NOTE(review): require.Errorf only asserts that err is non-nil; the string
	// is the message printed on failure, not an expected error text. If the
	// intent is to pin the error message, an exact-match assertion is needed.
	require.Errorf(t, err, "headers configuration not valid")
}
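// TestCustomHeaderHandler builds the middleware through New (rather than
// NewHeader) and checks that a configured custom request header is set on the
// request that passes through it.
func TestCustomHeaderHandler(t *testing.T) {
	next := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	header, err := New(context.Background(), next, dynamic.Headers{
		CustomRequestHeaders: map[string]string{
			"X-Custom-Request-Header": "test_request",
		},
	}, "testing")
	// Fail here with the construction error instead of discarding it and
	// hitting a nil handler in ServeHTTP below.
	require.NoError(t, err)

	res := httptest.NewRecorder()
	req := testhelpers.MustNewRequest(http.MethodGet, "/foo", nil)

	header.ServeHTTP(res, req)

	assert.Equal(t, http.StatusOK, res.Code)
	assert.Equal(t, "test_request", req.Header.Get("X-Custom-Request-Header"))
}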
// TestGetTracingInformation checks that GetTracingInformation returns the
// name stored on the headers value together with tracing.SpanKindNoneEnum.
func TestGetTracingInformation(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	// Built directly as a struct literal, bypassing the New constructor.
	mw := &headers{
		handler: noop,
		name:    "testing",
	}

	gotName, gotKind := mw.GetTracingInformation()

	assert.Equal(t, "testing", gotName)
	assert.Equal(t, tracing.SpanKindNoneEnum, gotKind)
}
// TestCORSResponses sends GET requests through the header middleware, applies
// PostRequestModifyResponseHeaders to the recorded response, and compares the
// complete set of response headers with the expected CORS and Vary values.
func TestCORSResponses(t *testing.T) {
	// Upstream handlers that pre-populate response headers, used to check how
	// the middleware combines its own values with what the backend already set.
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
	varyTesting := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Vary", "Testing") })
	varyOrigin := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Vary", "Origin") })
	upstreamSetsACAO := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "http://foo.bar.org")
	})
	upstreamAddsACAO := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Access-Control-Allow-Origin", "http://foo.bar.org")
	})

	type responseCase struct {
		desc           string
		header         *Header
		requestHeaders http.Header
		expected       http.Header
	}

	cases := []responseCase{
		{
			desc: "Test Simple Request",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowOriginList: []string{"https://foo.bar.org"},
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin": {"https://foo.bar.org"},
			},
		},
		{
			desc: "Wildcard origin Request",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowOriginList: []string{"*"},
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin": {"*"},
			},
		},
		{
			// No Origin on the request: no CORS header is expected even though
			// an allow-list is configured.
			desc: "Empty origin Request",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowOriginList: []string{"https://foo.bar.org"},
			}),
			requestHeaders: http.Header{},
			expected:       http.Header{},
		},
		{
			desc:           "Not Defined origin Request",
			header:         NewHeader(noop, dynamic.Headers{}),
			requestHeaders: http.Header{},
			expected:       http.Header{},
		},
		{
			// NOTE(review): browsers reject a credentialed response whose
			// Access-Control-Allow-Origin is "*", so this case pins the header
			// values the middleware emits rather than a combination a browser
			// will honour.
			desc: "Allow Credentials Request",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowOriginList:  []string{"*"},
				AccessControlAllowCredentials: true,
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin":      {"*"},
				"Access-Control-Allow-Credentials": {"true"},
			},
		},
		{
			desc: "Expose Headers Request",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowOriginList: []string{"*"},
				AccessControlExposeHeaders:   []string{"origin", "X-Forwarded-For"},
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin":   {"*"},
				"Access-Control-Expose-Headers": {"origin,X-Forwarded-For"},
			},
		},
		{
			// With AddVaryHeader on, "Vary: Origin" is expected next to the
			// origin-specific Access-Control-Allow-Origin value.
			desc: "Test Simple Request with Vary Headers",
			header: NewHeader(noop, dynamic.Headers{
				AccessControlAllowOriginList: []string{"https://foo.bar.org"},
				AddVaryHeader:                true,
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin": {"https://foo.bar.org"},
				"Vary":                        {"Origin"},
			},
		},
		{
			// The upstream Vary value is kept and "Origin" is appended to it.
			desc: "Test Simple Request with Vary Headers and non-empty response",
			header: NewHeader(varyTesting, dynamic.Headers{
				AccessControlAllowOriginList: []string{"https://foo.bar.org"},
				AddVaryHeader:                true,
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin": {"https://foo.bar.org"},
				"Vary":                        {"Testing,Origin"},
			},
		},
		{
			// Upstream already sent "Vary: Origin": it must not be duplicated.
			desc: "Test Simple Request with Vary Headers and existing vary:origin response",
			header: NewHeader(varyOrigin, dynamic.Headers{
				AccessControlAllowOriginList: []string{"https://foo.bar.org"},
				AddVaryHeader:                true,
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin": {"https://foo.bar.org"},
				"Vary":                        {"Origin"},
			},
		},
		{
			// The upstream's specific Access-Control-Allow-Origin is expected
			// to be replaced by the configured value, here the wildcard.
			desc: "Test Simple Request with non-empty response: set ACAO",
			header: NewHeader(upstreamSetsACAO, dynamic.Headers{
				AccessControlAllowOriginList: []string{"*"},
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin": {"*"},
			},
		},
		{
			// Same as above with the upstream using Header.Add: a single
			// Access-Control-Allow-Origin value is still expected.
			desc: "Test Simple Request with non-empty response: add ACAO",
			header: NewHeader(upstreamAddsACAO, dynamic.Headers{
				AccessControlAllowOriginList: []string{"*"},
			}),
			requestHeaders: http.Header{
				"Origin": {"https://foo.bar.org"},
			},
			expected: http.Header{
				"Access-Control-Allow-Origin": {"*"},
			},
		},
		{
			// Only custom request headers are configured, so no CORS response
			// header is expected even for a request carrying preflight headers.
			desc: "Test Simple CustomRequestHeaders Not Hijacked by CORS",
			header: NewHeader(noop, dynamic.Headers{
				CustomRequestHeaders: map[string]string{"foo": "bar"},
			}),
			requestHeaders: http.Header{
				"Access-Control-Request-Headers": {"origin"},
				"Access-Control-Request-Method":  {"GET", "OPTIONS"},
				"Origin":                         {"https://foo.bar.org"},
			},
			expected: http.Header{},
		},
	}

	for _, tc := range cases {
		t.Run(tc.desc, func(t *testing.T) {
			req := testhelpers.MustNewRequest(http.MethodGet, "/foo", nil)
			req.Header = tc.requestHeaders

			rec := httptest.NewRecorder()
			tc.header.ServeHTTP(rec, req)

			// The response modifier is given the originating request through
			// res.Request.
			res := rec.Result()
			res.Request = req

			err := tc.header.PostRequestModifyResponseHeaders(res)
			require.NoError(t, err)

			// The recorder caches its Result, so this reads the same response
			// that was modified above.
			assert.Equal(t, tc.expected, rec.Result().Header)
		})
	}
}
// TestCustomResponseHeaders checks that entries of CustomResponseHeaders are
// written to the response, and that an entry with an empty value does not
// appear in it.
func TestCustomResponseHeaders(t *testing.T) {
	noop := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

	type responseCase struct {
		desc     string
		header   *Header
		expected http.Header
	}

	cases := []responseCase{
		{
			desc: "Test Simple Response",
			header: NewHeader(noop, dynamic.Headers{
				CustomResponseHeaders: map[string]string{
					"Testing":  "foo",
					"Testing2": "bar",
				},
			}),
			expected: http.Header{
				"Testing":  {"foo"},
				"Testing2": {"bar"},
			},
		},
		{
			// NOTE(review): the upstream handler never sets Testing2, so this
			// case shows that an empty value is not emitted; it does not show
			// that a header already present on the response is removed.
			desc: "Deleting Custom Header",
			header: NewHeader(noop, dynamic.Headers{
				CustomResponseHeaders: map[string]string{
					"Testing":  "foo",
					"Testing2": "",
				},
			}),
			expected: http.Header{
				"Testing": {"foo"},
			},
		},
	}

	for _, tc := range cases {
		t.Run(tc.desc, func(t *testing.T) {
			req := testhelpers.MustNewRequest(http.MethodGet, "/foo", nil)
			rec := httptest.NewRecorder()

			tc.header.ServeHTTP(rec, req)

			err := tc.header.PostRequestModifyResponseHeaders(rec.Result())
			require.NoError(t, err)

			// The recorder caches its Result, so this reads the same response
			// that was modified above.
			assert.Equal(t, tc.expected, rec.Result().Header)
		})
	}
}