nghttpx: Don't quote Forwarded params if it is not required
This commit is contained in:
parent
f44128774c
commit
acb38b726f
|
@ -140,7 +140,7 @@ func TestH2H1StripAddXff(t *testing.T) {
|
||||||
// Forwarded header field with obfuscated "by" and "for" parameters.
|
// Forwarded header field with obfuscated "by" and "for" parameters.
|
||||||
func TestH2H1AddForwardedObfuscated(t *testing.T) {
|
func TestH2H1AddForwardedObfuscated(t *testing.T) {
|
||||||
st := newServerTester([]string{"--add-forwarded=by,for,host,proto"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTester([]string{"--add-forwarded=by,for,host,proto"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
pattern := fmt.Sprintf(`by="_[^"]+";for="_[^"]+";host="127.0.0.1:%v";proto="http"`, serverPort)
|
pattern := fmt.Sprintf(`by=_[^;]+;for=_[^;]+;host="127.0.0.1:%v";proto=http`, serverPort)
|
||||||
validFwd := regexp.MustCompile(pattern)
|
validFwd := regexp.MustCompile(pattern)
|
||||||
got := r.Header.Get("Forwarded")
|
got := r.Header.Get("Forwarded")
|
||||||
|
|
||||||
|
@ -165,7 +165,7 @@ func TestH2H1AddForwardedObfuscated(t *testing.T) {
|
||||||
// field with IP address in "by" parameter.
|
// field with IP address in "by" parameter.
|
||||||
func TestH2H1AddForwardedByIP(t *testing.T) {
|
func TestH2H1AddForwardedByIP(t *testing.T) {
|
||||||
st := newServerTester([]string{"--add-forwarded=by,for,host,proto", "--forwarded-by=ip", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTester([]string{"--add-forwarded=by,for,host,proto", "--forwarded-by=ip", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
want := fmt.Sprintf(`by="127.0.0.1:%v";for="_bravo";host="127.0.0.1:%v";proto="http"`, serverPort, serverPort)
|
want := fmt.Sprintf(`by="127.0.0.1:%v";for=_bravo;host="127.0.0.1:%v";proto=http`, serverPort, serverPort)
|
||||||
if got := r.Header.Get("Forwarded"); got != want {
|
if got := r.Header.Get("Forwarded"); got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
|
@ -187,7 +187,7 @@ func TestH2H1AddForwardedByIP(t *testing.T) {
|
||||||
// field with IP address in "for" parameters.
|
// field with IP address in "for" parameters.
|
||||||
func TestH2H1AddForwardedForIP(t *testing.T) {
|
func TestH2H1AddForwardedForIP(t *testing.T) {
|
||||||
st := newServerTester([]string{"--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=ip"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTester([]string{"--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=ip"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
want := fmt.Sprintf(`by="_alpha";for="127.0.0.1";host="127.0.0.1:%v";proto="http"`, serverPort)
|
want := fmt.Sprintf(`by=_alpha;for=127.0.0.1;host="127.0.0.1:%v";proto=http`, serverPort)
|
||||||
if got := r.Header.Get("Forwarded"); got != want {
|
if got := r.Header.Get("Forwarded"); got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
|
@ -210,7 +210,7 @@ func TestH2H1AddForwardedForIP(t *testing.T) {
|
||||||
// generated values must be appended to the existing value.
|
// generated values must be appended to the existing value.
|
||||||
func TestH2H1AddForwardedMerge(t *testing.T) {
|
func TestH2H1AddForwardedMerge(t *testing.T) {
|
||||||
st := newServerTester([]string{"--add-forwarded=proto"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTester([]string{"--add-forwarded=proto"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
if got, want := r.Header.Get("Forwarded"), `host=foo, proto="http"`; got != want {
|
if got, want := r.Header.Get("Forwarded"), `host=foo, proto=http`; got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -235,7 +235,7 @@ func TestH2H1AddForwardedMerge(t *testing.T) {
|
||||||
// generated values must not include the existing value.
|
// generated values must not include the existing value.
|
||||||
func TestH2H1AddForwardedStrip(t *testing.T) {
|
func TestH2H1AddForwardedStrip(t *testing.T) {
|
||||||
st := newServerTester([]string{"--strip-incoming-forwarded", "--add-forwarded=proto"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTester([]string{"--strip-incoming-forwarded", "--add-forwarded=proto"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
if got, want := r.Header.Get("Forwarded"), `proto="http"`; got != want {
|
if got, want := r.Header.Get("Forwarded"), `proto=http`; got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -284,7 +284,7 @@ func TestH2H1StripForwarded(t *testing.T) {
|
||||||
// "for" parameters.
|
// "for" parameters.
|
||||||
func TestH2H1AddForwardedStatic(t *testing.T) {
|
func TestH2H1AddForwardedStatic(t *testing.T) {
|
||||||
st := newServerTester([]string{"--add-forwarded=by,for", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTester([]string{"--add-forwarded=by,for", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
if got, want := r.Header.Get("Forwarded"), `by="_alpha";for="_bravo"`; got != want {
|
if got, want := r.Header.Get("Forwarded"), `by=_alpha;for=_bravo`; got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
@ -1672,7 +1672,7 @@ func TestH2H2StripAddXff(t *testing.T) {
|
||||||
// field using static obfuscated "by" and "for" parameter.
|
// field using static obfuscated "by" and "for" parameter.
|
||||||
func TestH2H2AddForwarded(t *testing.T) {
|
func TestH2H2AddForwarded(t *testing.T) {
|
||||||
st := newServerTesterTLS([]string{"--http2-bridge", "--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTesterTLS([]string{"--http2-bridge", "--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
want := fmt.Sprintf(`by="_alpha";for="_bravo";host="127.0.0.1:%v";proto="https"`, serverPort)
|
want := fmt.Sprintf(`by=_alpha;for=_bravo;host="127.0.0.1:%v";proto=https`, serverPort)
|
||||||
if got := r.Header.Get("Forwarded"); got != want {
|
if got := r.Header.Get("Forwarded"); got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
|
@ -1696,7 +1696,7 @@ func TestH2H2AddForwarded(t *testing.T) {
|
||||||
// existing Forwarded header field.
|
// existing Forwarded header field.
|
||||||
func TestH2H2AddForwardedMerge(t *testing.T) {
|
func TestH2H2AddForwardedMerge(t *testing.T) {
|
||||||
st := newServerTesterTLS([]string{"--http2-bridge", "--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTesterTLS([]string{"--http2-bridge", "--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
want := fmt.Sprintf(`host=foo, by="_alpha";for="_bravo";host="127.0.0.1:%v";proto="https"`, serverPort)
|
want := fmt.Sprintf(`host=foo, by=_alpha;for=_bravo;host="127.0.0.1:%v";proto=https`, serverPort)
|
||||||
if got := r.Header.Get("Forwarded"); got != want {
|
if got := r.Header.Get("Forwarded"); got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
|
@ -1723,7 +1723,7 @@ func TestH2H2AddForwardedMerge(t *testing.T) {
|
||||||
// existing Forwarded header field stripped.
|
// existing Forwarded header field stripped.
|
||||||
func TestH2H2AddForwardedStrip(t *testing.T) {
|
func TestH2H2AddForwardedStrip(t *testing.T) {
|
||||||
st := newServerTesterTLS([]string{"--http2-bridge", "--strip-incoming-forwarded", "--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
st := newServerTesterTLS([]string{"--http2-bridge", "--strip-incoming-forwarded", "--add-forwarded=by,for,host,proto", "--forwarded-by=_alpha", "--forwarded-for=_bravo"}, t, func(w http.ResponseWriter, r *http.Request) {
|
||||||
want := fmt.Sprintf(`by="_alpha";for="_bravo";host="127.0.0.1:%v";proto="https"`, serverPort)
|
want := fmt.Sprintf(`by=_alpha;for=_bravo;host="127.0.0.1:%v";proto=https`, serverPort)
|
||||||
if got := r.Header.Get("Forwarded"); got != want {
|
if got := r.Header.Get("Forwarded"); got != want {
|
||||||
t.Errorf("Forwarded = %v; want %v", got, want)
|
t.Errorf("Forwarded = %v; want %v", got, want)
|
||||||
}
|
}
|
||||||
|
|
|
@ -169,6 +169,7 @@ nghttpx_unittest_SOURCES = shrpx-unittest.cc \
|
||||||
shrpx_ssl_test.cc shrpx_ssl_test.h \
|
shrpx_ssl_test.cc shrpx_ssl_test.h \
|
||||||
shrpx_downstream_test.cc shrpx_downstream_test.h \
|
shrpx_downstream_test.cc shrpx_downstream_test.h \
|
||||||
shrpx_config_test.cc shrpx_config_test.h \
|
shrpx_config_test.cc shrpx_config_test.h \
|
||||||
|
shrpx_http_test.cc shrpx_http_test.h \
|
||||||
http2_test.cc http2_test.h \
|
http2_test.cc http2_test.h \
|
||||||
util_test.cc util_test.h \
|
util_test.cc util_test.h \
|
||||||
nghttp2_gzip_test.c nghttp2_gzip_test.h \
|
nghttp2_gzip_test.c nghttp2_gzip_test.h \
|
||||||
|
|
|
@ -39,6 +39,7 @@
|
||||||
#include "buffer_test.h"
|
#include "buffer_test.h"
|
||||||
#include "memchunk_test.h"
|
#include "memchunk_test.h"
|
||||||
#include "template_test.h"
|
#include "template_test.h"
|
||||||
|
#include "shrpx_http_test.h"
|
||||||
#include "shrpx_config.h"
|
#include "shrpx_config.h"
|
||||||
#include "ssl.h"
|
#include "ssl.h"
|
||||||
|
|
||||||
|
@ -124,6 +125,8 @@ int main(int argc, char *argv[]) {
|
||||||
shrpx::test_shrpx_config_read_tls_ticket_key_file_aes_256) ||
|
shrpx::test_shrpx_config_read_tls_ticket_key_file_aes_256) ||
|
||||||
!CU_add_test(pSuite, "config_match_downstream_addr_group",
|
!CU_add_test(pSuite, "config_match_downstream_addr_group",
|
||||||
shrpx::test_shrpx_config_match_downstream_addr_group) ||
|
shrpx::test_shrpx_config_match_downstream_addr_group) ||
|
||||||
|
!CU_add_test(pSuite, "http_create_forwarded",
|
||||||
|
shrpx::test_shrpx_http_create_forwarded) ||
|
||||||
!CU_add_test(pSuite, "util_streq", shrpx::test_util_streq) ||
|
!CU_add_test(pSuite, "util_streq", shrpx::test_util_streq) ||
|
||||||
!CU_add_test(pSuite, "util_strieq", shrpx::test_util_strieq) ||
|
!CU_add_test(pSuite, "util_strieq", shrpx::test_util_strieq) ||
|
||||||
!CU_add_test(pSuite, "util_inp_strlower",
|
!CU_add_test(pSuite, "util_inp_strlower",
|
||||||
|
|
|
@ -69,24 +69,43 @@ std::string create_forwarded(int params, const std::string &node_by,
|
||||||
const std::string &proto) {
|
const std::string &proto) {
|
||||||
std::string res;
|
std::string res;
|
||||||
if ((params & FORWARDED_BY) && !node_by.empty()) {
|
if ((params & FORWARDED_BY) && !node_by.empty()) {
|
||||||
|
// This must be quoted-string unless it is obfuscated version
|
||||||
|
// (which starts with "_"), since ':' is not allowed in token.
|
||||||
|
// ':' is used to separate host and port.
|
||||||
|
if (node_by[0] == '_') {
|
||||||
|
res += "by=";
|
||||||
|
res += node_by;
|
||||||
|
res += ";";
|
||||||
|
} else {
|
||||||
res += "by=\"";
|
res += "by=\"";
|
||||||
res += node_by;
|
res += node_by;
|
||||||
res += "\";";
|
res += "\";";
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if ((params & FORWARDED_FOR) && !node_for.empty()) {
|
if ((params & FORWARDED_FOR) && !node_for.empty()) {
|
||||||
|
// We only quote IPv6 literal address only, which starts with '['.
|
||||||
|
if (node_for[0] == '[') {
|
||||||
res += "for=\"";
|
res += "for=\"";
|
||||||
res += node_for;
|
res += node_for;
|
||||||
res += "\";";
|
res += "\";";
|
||||||
|
} else {
|
||||||
|
res += "for=";
|
||||||
|
res += node_for;
|
||||||
|
res += ";";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if ((params & FORWARDED_HOST) && !host.empty()) {
|
if ((params & FORWARDED_HOST) && !host.empty()) {
|
||||||
|
// Just be quoted to skip checking characters.
|
||||||
res += "host=\"";
|
res += "host=\"";
|
||||||
res += host;
|
res += host;
|
||||||
res += "\";";
|
res += "\";";
|
||||||
}
|
}
|
||||||
if ((params & FORWARDED_PROTO) && !proto.empty()) {
|
if ((params & FORWARDED_PROTO) && !proto.empty()) {
|
||||||
res += "proto=\"";
|
// Scheme production rule only allow characters which are all in
|
||||||
|
// token.
|
||||||
|
res += "proto=";
|
||||||
res += proto;
|
res += proto;
|
||||||
res += "\";";
|
res += ";";
|
||||||
}
|
}
|
||||||
|
|
||||||
if (res.empty()) {
|
if (res.empty()) {
|
||||||
|
|
Loading…
Reference in New Issue