integration: Add tests for X-Forwarded-Proto handling

This commit is contained in:
Tatsuhiro Tsujikawa 2017-04-05 23:31:54 +09:00
parent 8c0b2c684a
commit 6aa581d2f0
2 changed files with 201 additions and 3 deletions

View File

@ -163,7 +163,7 @@ OPTIONS = [
"redirect-https-port",
"frontend-max-requests",
"single-thread",
"no-add-x-forwarded-proto",
"add-x-forwarded-proto",
"strip-incoming-x-forwarded-proto",
]

View File

@ -35,6 +35,105 @@ func TestH2H1PlainGET(t *testing.T) {
}
}
// TestH2H1AddXfp tests that server appends :scheme to the existing
// x-forwarded-proto header field.
func TestH2H1AddXfp(t *testing.T) {
st := newServerTester([]string{"--add-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo, http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1NoAddXfp tests that server does not append :scheme to the
// existing x-forwarded-proto header field.
func TestH2H1NoAddXfp(t *testing.T) {
st := newServerTester(nil, t, func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1NoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1StripXfp tests that server strips incoming
// x-forwarded-proto header field.
func TestH2H1StripXfp(t *testing.T) {
st := newServerTester([]string{"--add-x-forwarded-proto", "--strip-incoming-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1StripXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1StripNoAddXfp tests that server strips incoming
// x-forwarded-proto header field, and does not add another.
func TestH2H1StripNoAddXfp(t *testing.T) {
st := newServerTester([]string{"--strip-incoming-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
if got, found := r.Header["X-Forwarded-Proto"]; found {
t.Errorf("X-Forwarded-Proto = %q; want nothing", got)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1StripNoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1AddXff tests that server generates X-Forwarded-For header
// field when forwarding request to backend.
func TestH2H1AddXff(t *testing.T) {
@ -741,7 +840,7 @@ func TestH2H1SNI(t *testing.T) {
// with http value since :scheme is http, even if the frontend
// connection is encrypted.
func TestH2H1TLSXfp(t *testing.T) {
st := newServerTesterTLS(nil, t, func(w http.ResponseWriter, r *http.Request) {
st := newServerTesterTLS([]string{"--add-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("x-forwarded-proto"), "http"; got != want {
t.Errorf("x-forwarded-proto: want %v; got %v", want, got)
}
@ -1635,7 +1734,7 @@ func TestH2H2NoHostRewrite(t *testing.T) {
// with http value since :scheme is http, even if the frontend
// connection is encrypted.
func TestH2H2TLSXfp(t *testing.T) {
st := newServerTesterTLS([]string{"--http2-bridge"}, t, func(w http.ResponseWriter, r *http.Request) {
st := newServerTesterTLS([]string{"--http2-bridge", "--add-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("x-forwarded-proto"), "http"; got != want {
t.Errorf("x-forwarded-proto: want %v; got %v", want, got)
}
@ -1653,6 +1752,105 @@ func TestH2H2TLSXfp(t *testing.T) {
}
}
// TestH2H2AddXfp tests that server appends :scheme to the existing
// x-forwarded-proto header field.
func TestH2H2AddXfp(t *testing.T) {
st := newServerTesterTLS([]string{"--http2-bridge", "--add-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo, http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2AddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2NoAddXfp tests that server does not append :scheme to the
// existing x-forwarded-proto header field.
func TestH2H2NoAddXfp(t *testing.T) {
st := newServerTesterTLS([]string{"--http2-bridge"}, t, func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2NoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2StripXfp tests that server strips incoming
// x-forwarded-proto header field.
func TestH2H2StripXfp(t *testing.T) {
st := newServerTesterTLS([]string{"--http2-bridge", "--strip-incoming-x-forwarded-proto", "--add-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2StripXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2StripNoAddXfp tests that server strips incoming
// x-forwarded-proto header field, and does not add another.
func TestH2H2StripNoAddXfp(t *testing.T) {
st := newServerTesterTLS([]string{"--http2-bridge", "--strip-incoming-x-forwarded-proto"}, t, func(w http.ResponseWriter, r *http.Request) {
if got, found := r.Header["X-Forwarded-Proto"]; found {
t.Errorf("X-Forwarded-Proto = %q; want nothing", got)
}
})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2StripNoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2AddXff tests that server generates X-Forwarded-For header
// field when forwarding request to backend.
func TestH2H2AddXff(t *testing.T) {