nghttp2/integration-tests/nghttpx_http2_test.go

3474 lines
89 KiB
Go

package nghttp2
import (
"bytes"
"crypto/tls"
"encoding/json"
"fmt"
"golang.org/x/net/http2"
"golang.org/x/net/http2/hpack"
"io"
"net"
"net/http"
"regexp"
"strings"
"syscall"
"testing"
"time"
)
// TestH2H1PlainGET tests whether simple HTTP/2 GET request works.
func TestH2H1PlainGET(t *testing.T) {
st := newServerTester(t, options{})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1PlainGET",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
want := 200
if res.status != want {
t.Errorf("status = %v; want %v", res.status, want)
}
}
// TestH2H1AddXfp tests that server appends :scheme to the existing
// x-forwarded-proto header field.
func TestH2H1AddXfp(t *testing.T) {
opts := options{
args: []string{"--no-strip-incoming-x-forwarded-proto"},
handler: func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo, http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1NoAddXfp tests that server does not append :scheme to the
// existing x-forwarded-proto header field.
func TestH2H1NoAddXfp(t *testing.T) {
opts := options{
args: []string{
"--no-add-x-forwarded-proto",
"--no-strip-incoming-x-forwarded-proto",
},
handler: func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1NoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1StripXfp tests that server strips incoming
// x-forwarded-proto header field.
func TestH2H1StripXfp(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1StripXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1StripNoAddXfp tests that server strips incoming
// x-forwarded-proto header field, and does not add another.
func TestH2H1StripNoAddXfp(t *testing.T) {
opts := options{
args: []string{"--no-add-x-forwarded-proto"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, found := r.Header["X-Forwarded-Proto"]; found {
t.Errorf("X-Forwarded-Proto = %q; want nothing", got)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1StripNoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1AddXff tests that server generates X-Forwarded-For header
// field when forwarding request to backend.
func TestH2H1AddXff(t *testing.T) {
opts := options{
args: []string{"--add-x-forwarded-for"},
handler: func(w http.ResponseWriter, r *http.Request) {
xff := r.Header.Get("X-Forwarded-For")
want := "127.0.0.1"
if xff != want {
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddXff",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1AddXff2 tests that server appends X-Forwarded-For header
// field to existing one when forwarding request to backend.
func TestH2H1AddXff2(t *testing.T) {
opts := options{
args: []string{"--add-x-forwarded-for"},
handler: func(w http.ResponseWriter, r *http.Request) {
xff := r.Header.Get("X-Forwarded-For")
want := "host, 127.0.0.1"
if xff != want {
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddXff2",
header: []hpack.HeaderField{
pair("x-forwarded-for", "host"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1StripXff tests that --strip-incoming-x-forwarded-for
// option.
func TestH2H1StripXff(t *testing.T) {
opts := options{
args: []string{"--strip-incoming-x-forwarded-for"},
handler: func(w http.ResponseWriter, r *http.Request) {
if xff, found := r.Header["X-Forwarded-For"]; found {
t.Errorf("X-Forwarded-For = %v; want nothing", xff)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1StripXff",
header: []hpack.HeaderField{
pair("x-forwarded-for", "host"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1StripAddXff tests that --strip-incoming-x-forwarded-for and
// --add-x-forwarded-for options.
func TestH2H1StripAddXff(t *testing.T) {
opts := options{
args: []string{
"--strip-incoming-x-forwarded-for",
"--add-x-forwarded-for",
},
handler: func(w http.ResponseWriter, r *http.Request) {
xff := r.Header.Get("X-Forwarded-For")
want := "127.0.0.1"
if xff != want {
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1StripAddXff",
header: []hpack.HeaderField{
pair("x-forwarded-for", "host"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1AddForwardedObfuscated tests that server generates
// Forwarded header field with obfuscated "by" and "for" parameters.
func TestH2H1AddForwardedObfuscated(t *testing.T) {
opts := options{
args: []string{"--add-forwarded=by,for,host,proto"},
handler: func(w http.ResponseWriter, r *http.Request) {
pattern := fmt.Sprintf(`by=_[^;]+;for=_[^;]+;host="127\.0\.0\.1:%v";proto=http`, serverPort)
validFwd := regexp.MustCompile(pattern)
got := r.Header.Get("Forwarded")
if !validFwd.MatchString(got) {
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddForwardedObfuscated",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1AddForwardedByIP tests that server generates Forwarded header
// field with IP address in "by" parameter.
func TestH2H1AddForwardedByIP(t *testing.T) {
opts := options{
args: []string{"--add-forwarded=by,for", "--forwarded-by=ip"},
handler: func(w http.ResponseWriter, r *http.Request) {
pattern := fmt.Sprintf(`by="127\.0\.0\.1:%v";for=_[^;]+`, serverPort)
validFwd := regexp.MustCompile(pattern)
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddForwardedByIP",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1AddForwardedForIP tests that server generates Forwarded header
// field with IP address in "for" parameters.
func TestH2H1AddForwardedForIP(t *testing.T) {
opts := options{
args: []string{
"--add-forwarded=by,for,host,proto",
"--forwarded-by=_alpha",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
want := fmt.Sprintf(`by=_alpha;for=127.0.0.1;host="127.0.0.1:%v";proto=http`, serverPort)
if got := r.Header.Get("Forwarded"); got != want {
t.Errorf("Forwarded = %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddForwardedForIP",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1AddForwardedMerge tests that server generates Forwarded
// header field with IP address in "by" and "for" parameters. The
// generated values must be appended to the existing value.
func TestH2H1AddForwardedMerge(t *testing.T) {
opts := options{
args: []string{"--add-forwarded=proto"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Forwarded"), `host=foo, proto=http`; got != want {
t.Errorf("Forwarded = %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddForwardedMerge",
header: []hpack.HeaderField{
pair("forwarded", "host=foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1AddForwardedStrip tests that server generates Forwarded
// header field with IP address in "by" and "for" parameters. The
// generated values must not include the existing value.
func TestH2H1AddForwardedStrip(t *testing.T) {
opts := options{
args: []string{
"--strip-incoming-forwarded",
"--add-forwarded=proto",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Forwarded"), `proto=http`; got != want {
t.Errorf("Forwarded = %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddForwardedStrip",
header: []hpack.HeaderField{
pair("forwarded", "host=foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1StripForwarded tests that server strips incoming Forwarded
// header field.
func TestH2H1StripForwarded(t *testing.T) {
opts := options{
args: []string{"--strip-incoming-forwarded"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, found := r.Header["Forwarded"]; found {
t.Errorf("Forwarded = %v; want nothing", got)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1StripForwarded",
header: []hpack.HeaderField{
pair("forwarded", "host=foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1AddForwardedStatic tests that server generates Forwarded
// header field with the given static obfuscated string for "by"
// parameter.
func TestH2H1AddForwardedStatic(t *testing.T) {
opts := options{
args: []string{
"--add-forwarded=by,for",
"--forwarded-by=_alpha",
},
handler: func(w http.ResponseWriter, r *http.Request) {
pattern := `by=_alpha;for=_[^;]+`
validFwd := regexp.MustCompile(pattern)
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AddForwardedStatic",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1GenerateVia tests that server generates Via header field to and
// from backend server.
func TestH2H1GenerateVia(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Via"), "2 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1GenerateVia",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.header.Get("Via"), "1.1 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
}
// TestH2H1AppendVia tests that server adds value to existing Via
// header field to and from backend server.
func TestH2H1AppendVia(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Via"), "foo, 2 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
w.Header().Add("Via", "bar")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AppendVia",
header: []hpack.HeaderField{
pair("via", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.header.Get("Via"), "bar, 1.1 nghttpx"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
}
// TestH2H1NoVia tests that server does not add value to existing Via
// header field to and from backend server.
func TestH2H1NoVia(t *testing.T) {
opts := options{
args: []string{"--no-via"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Via"), "foo"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
w.Header().Add("Via", "bar")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1NoVia",
header: []hpack.HeaderField{
pair("via", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.header.Get("Via"), "bar"; got != want {
t.Errorf("Via: %v; want %v", got, want)
}
}
// TestH2H1HostRewrite tests that server rewrites host header field
func TestH2H1HostRewrite(t *testing.T) {
opts := options{
args: []string{"--host-rewrite"},
handler: func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1HostRewrite",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := res.header.Get("request-host"), st.backendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
}
// TestH2H1NoHostRewrite tests that server does not rewrite host
// header field
func TestH2H1NoHostRewrite(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1NoHostRewrite",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := res.header.Get("request-host"), st.frontendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
}
// TestH2H1BadRequestCL tests that server rejects request whose
// content-length header field value does not match its request body
// size.
func TestH2H1BadRequestCL(t *testing.T) {
st := newServerTester(t, options{})
defer st.Close()
// we set content-length: 1024, but the actual request body is
// 3 bytes.
res, err := st.http2(requestParam{
name: "TestH2H1BadRequestCL",
method: "POST",
header: []hpack.HeaderField{
pair("content-length", "1024"),
},
body: []byte("foo"),
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
want := http2.ErrCodeProtocol
if res.errCode != want {
t.Errorf("res.errCode = %v; want %v", res.errCode, want)
}
}
// TestH2H1BadResponseCL tests that server returns error when
// content-length response header field value does not match its
// response body size.
func TestH2H1BadResponseCL(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
// we set content-length: 1024, but only send 3 bytes.
w.Header().Add("Content-Length", "1024")
w.Write([]byte("foo"))
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1BadResponseCL",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
want := http2.ErrCodeInternal
if res.errCode != want {
t.Errorf("res.errCode = %v; want %v", res.errCode, want)
}
}
// TestH2H1LocationRewrite tests location header field rewriting
// works.
func TestH2H1LocationRewrite(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
// TODO we cannot get st.ts's port number
// here.. 8443 is just a place holder. We
// ignore it on rewrite.
w.Header().Add("Location", "http://127.0.0.1:8443/p/q?a=b#fragment")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1LocationRewrite",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
want := fmt.Sprintf("http://127.0.0.1:%v/p/q?a=b#fragment", serverPort)
if got := res.header.Get("Location"); got != want {
t.Errorf("Location: %v; want %v", got, want)
}
}
// TestH2H1ChunkedRequestBody tests that chunked request body works.
func TestH2H1ChunkedRequestBody(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
want := "[chunked]"
if got := fmt.Sprint(r.TransferEncoding); got != want {
t.Errorf("Transfer-Encoding: %v; want %v", got, want)
}
body, err := io.ReadAll(r.Body)
if err != nil {
t.Fatalf("Error reading r.body: %v", err)
}
want = "foo"
if got := string(body); got != want {
t.Errorf("body: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1ChunkedRequestBody",
method: "POST",
body: []byte("foo"),
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1MultipleRequestCL tests that server rejects request with
// multiple Content-Length request header fields.
func TestH2H1MultipleRequestCL(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward bad request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1MultipleRequestCL",
header: []hpack.HeaderField{
pair("content-length", "1"),
pair("content-length", "1"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
t.Errorf("res.errCode: %v; want %v", got, want)
}
}
// TestH2H1InvalidRequestCL tests that server rejects request with
// Content-Length which cannot be parsed as a number.
func TestH2H1InvalidRequestCL(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward bad request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1InvalidRequestCL",
header: []hpack.HeaderField{
pair("content-length", ""),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
t.Errorf("res.errCode: %v; want %v", got, want)
}
}
// // TestH2H1ConnectFailure tests that server handles the situation that
// // connection attempt to HTTP/1 backend failed.
// func TestH2H1ConnectFailure(t *testing.T) {
// st := newServerTester(t, options{})
// defer st.Close()
// // shutdown backend server to simulate backend connect failure
// st.ts.Close()
// res, err := st.http2(requestParam{
// name: "TestH2H1ConnectFailure",
// })
// if err != nil {
// t.Fatalf("Error st.http2() = %v", err)
// }
// want := 503
// if got := res.status; got != want {
// t.Errorf("status: %v; want %v", got, want)
// }
// }
// TestH2H1InvalidMethod tests that server rejects invalid method with
// 501.
func TestH2H1InvalidMethod(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1InvalidMethod",
method: "get",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 501; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1BadAuthority tests that server rejects request including
// bad characters in :authority header field.
func TestH2H1BadAuthority(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1BadAuthority",
authority: `foo\bar`,
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
t.Errorf("res.errCode: %v; want %v", got, want)
}
}
// TestH2H1BadScheme tests that server rejects request including
// bad characters in :scheme header field.
func TestH2H1BadScheme(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1BadScheme",
scheme: "http*",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
t.Errorf("res.errCode: %v; want %v", got, want)
}
}
// TestH2H1AssembleCookies tests that crumbled cookies in HTTP/2
// request is assembled into 1 when forwarding to HTTP/1 backend link.
func TestH2H1AssembleCookies(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("Cookie"), "alpha; bravo; charlie"; got != want {
t.Errorf("Cookie: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AssembleCookies",
header: []hpack.HeaderField{
pair("cookie", "alpha"),
pair("cookie", "bravo"),
pair("cookie", "charlie"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1TETrailers tests that server accepts TE request header
// field if it has trailers only.
func TestH2H1TETrailers(t *testing.T) {
st := newServerTester(t, options{})
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1TETrailers",
header: []hpack.HeaderField{
pair("te", "trailers"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1TEGzip tests that server resets stream if TE request header
// field contains gzip.
func TestH2H1TEGzip(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
t.Error("server should not forward bad request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1TEGzip",
header: []hpack.HeaderField{
pair("te", "gzip"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeProtocol; got != want {
t.Errorf("res.errCode = %v; want %v", res.errCode, want)
}
}
// TestH2H1SNI tests server's TLS SNI extension feature. It must
// choose appropriate certificate depending on the indicated
// server_name from client.
func TestH2H1SNI(t *testing.T) {
opts := options{
args: []string{"--subcert=" + testDir + "/alt-server.key:" + testDir + "/alt-server.crt"},
tls: true,
tlsConfig: &tls.Config{
ServerName: "alt-domain",
},
}
st := newServerTester(t, opts)
defer st.Close()
tlsConn := st.conn.(*tls.Conn)
connState := tlsConn.ConnectionState()
cert := connState.PeerCertificates[0]
if got, want := cert.Subject.CommonName, "alt-domain"; got != want {
t.Errorf("CommonName: %v; want %v", got, want)
}
}
// TestH2H1TLSXfp tests nghttpx sends x-forwarded-proto header field
// with http value since :scheme is http, even if the frontend
// connection is encrypted.
func TestH2H1TLSXfp(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("x-forwarded-proto"), "http"; got != want {
t.Errorf("x-forwarded-proto: want %v; got %v", want, got)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1TLSXfp",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ServerPush tests server push using Link header field from
// backend server.
func TestH2H1ServerPush(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
// only resources marked as rel=preload are pushed
if !strings.HasPrefix(r.URL.Path, "/css/") {
w.Header().Add("Link", "</css/main.css>; rel=preload, </foo>, </css/theme.css>; rel=preload")
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1ServerPush",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
if got, want := len(res.pushResponse), 2; got != want {
t.Fatalf("len(res.pushResponse): %v; want %v", got, want)
}
mainCSS := res.pushResponse[0]
if got, want := mainCSS.status, 200; got != want {
t.Errorf("mainCSS.status: %v; want %v", got, want)
}
themeCSS := res.pushResponse[1]
if got, want := themeCSS.status, 200; got != want {
t.Errorf("themeCSS.status: %v; want %v", got, want)
}
}
// TestH2H1RequestTrailer tests request trailer part is forwarded to
// backend.
func TestH2H1RequestTrailer(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
buf := make([]byte, 4096)
for {
_, err := r.Body.Read(buf)
if err == io.EOF {
break
}
if err != nil {
t.Fatalf("r.Body.Read() = %v", err)
}
}
if got, want := r.Trailer.Get("foo"), "bar"; got != want {
t.Errorf("r.Trailer.Get(foo): %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1RequestTrailer",
body: []byte("1"),
trailer: []hpack.HeaderField{
pair("foo", "bar"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1HeaderFieldBuffer tests that request with header fields
// larger than configured buffer size is rejected.
func TestH2H1HeaderFieldBuffer(t *testing.T) {
opts := options{
args: []string{"--request-header-field-buffer=10"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("execution path should not be here")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1HeaderFieldBuffer",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 431; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1HeaderFields tests that request with header fields more
// than configured number is rejected.
func TestH2H1HeaderFields(t *testing.T) {
opts := options{
args: []string{"--max-request-header-fields=1"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("execution path should not be here")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1HeaderFields",
// we have at least 4 pseudo-header fields sent, and
// that ensures that buffer limit exceeds.
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 431; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H1ReqPhaseSetHeader tests mruby request phase hook
// modifies request header fields.
func TestH2H1ReqPhaseSetHeader(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-set-header.rb"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("User-Agent"), "mruby"; got != want {
t.Errorf("User-Agent = %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1ReqPhaseSetHeader",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1ReqPhaseReturn tests mruby request phase hook returns
// custom response.
func TestH2H1ReqPhaseReturn(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1ReqPhaseReturn",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 404; got != want {
t.Errorf("status = %v; want %v", got, want)
}
hdtests := []struct {
k, v string
}{
{"content-length", "20"},
{"from", "mruby"},
}
for _, tt := range hdtests {
if got, want := res.header.Get(tt.k), tt.v; got != want {
t.Errorf("%v = %v; want %v", tt.k, got, want)
}
}
if got, want := string(res.body), "Hello World from req"; got != want {
t.Errorf("body = %v; want %v", got, want)
}
}
// TestH2H1RespPhaseSetHeader tests mruby response phase hook modifies
// response header fields.
func TestH2H1RespPhaseSetHeader(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/resp-set-header.rb"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1RespPhaseSetHeader",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
if got, want := res.header.Get("alpha"), "bravo"; got != want {
t.Errorf("alpha = %v; want %v", got, want)
}
}
// TestH2H1RespPhaseReturn tests mruby response phase hook returns
// custom response.
func TestH2H1RespPhaseReturn(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/resp-return.rb"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1RespPhaseReturn",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 404; got != want {
t.Errorf("status = %v; want %v", got, want)
}
hdtests := []struct {
k, v string
}{
{"content-length", "21"},
{"from", "mruby"},
}
for _, tt := range hdtests {
if got, want := res.header.Get(tt.k), tt.v; got != want {
t.Errorf("%v = %v; want %v", tt.k, got, want)
}
}
if got, want := string(res.body), "Hello World from resp"; got != want {
t.Errorf("body = %v; want %v", got, want)
}
}
// TestH2H1Upgrade tests HTTP Upgrade to HTTP/2
func TestH2H1Upgrade(t *testing.T) {
st := newServerTester(t, options{})
defer st.Close()
res, err := st.http1(requestParam{
name: "TestH2H1Upgrade",
header: []hpack.HeaderField{
pair("Connection", "Upgrade, HTTP2-Settings"),
pair("Upgrade", "h2c"),
pair("HTTP2-Settings", "AAMAAABkAAQAAP__"),
},
})
if err != nil {
t.Fatalf("Error st.http1() = %v", err)
}
if got, want := res.status, 101; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
res, err = st.http2(requestParam{
httpUpgrade: true,
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV1ForwardedForObfuscated tests that Forwarded
// header field includes obfuscated address even if PROXY protocol
// version 1 containing TCP4 entry is accepted.
func TestH2H1ProxyProtocolV1ForwardedForObfuscated(t *testing.T) {
pattern := fmt.Sprintf(`^for=_[^;]+$`)
validFwd := regexp.MustCompile(pattern)
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=obfuscated",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
t.Errorf("Forwarded: %v; want pattern %v", got, pattern)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP4 192.168.0.2 192.168.0.100 12345 8080\r\n"))
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1ForwardedForObfuscated",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV1TCP4 tests PROXY protocol version 1
// containing TCP4 entry is accepted and X-Forwarded-For contains
// advertised src address.
func TestH2H1ProxyProtocolV1TCP4(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("X-Forwarded-For"), "192.168.0.2"; got != want {
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
}
if got, want := r.Header.Get("Forwarded"), "for=192.168.0.2"; got != want {
t.Errorf("Forwarded: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP4 192.168.0.2 192.168.0.100 12345 8080\r\n"))
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1TCP4",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV1TCP6 tests PROXY protocol version 1
// containing TCP6 entry is accepted and X-Forwarded-For contains
// advertised src address.
func TestH2H1ProxyProtocolV1TCP6(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("X-Forwarded-For"), "2001:0db8:85a3:0000:0000:8a2e:0370:7334"; got != want {
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
}
if got, want := r.Header.Get("Forwarded"), `for="[2001:0db8:85a3:0000:0000:8a2e:0370:7334]"`; got != want {
t.Errorf("Forwarded: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 2001:0db8:85a3:0000:0000:8a2e:0370:7334 ::1 12345 8080\r\n"))
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1TCP6",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV1Unknown tests PROXY protocol version 1
// containing UNKNOWN entry is accepted.
func TestH2H1ProxyProtocolV1Unknown(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, notWant := r.Header.Get("X-Forwarded-For"), "192.168.0.2"; got == notWant {
t.Errorf("X-Forwarded-For: %v; want something else", got)
}
if got, notWant := r.Header.Get("Forwarded"), "for=192.168.0.2"; got == notWant {
t.Errorf("Forwarded: %v; want something else", got)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY UNKNOWN 192.168.0.2 192.168.0.100 12345 8080\r\n"))
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1Unknown",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV1JustUnknown tests PROXY protocol version 1
// containing only "PROXY UNKNOWN" is accepted.
func TestH2H1ProxyProtocolV1JustUnknown(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY UNKNOWN\r\n"))
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1JustUnknown",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV1TooLongLine tests PROXY protocol version 1
// line longer than 107 bytes must be rejected
func TestH2H1ProxyProtocolV1TooLongLine(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY UNKNOWN ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff 65535 655350\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1TooLongLine",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1BadLineEnd tests that PROXY protocol version
// 1 line ending without \r\n should be rejected.
func TestH2H1ProxyProtocolV1BadLineEnd(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 8080\r \n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1BadLineEnd",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1NoEnd tests that PROXY protocol version 1
// line containing no \r\n should be rejected.
func TestH2H1ProxyProtocolV1NoEnd(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 8080"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1NoEnd",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1EmbeddedNULL tests that PROXY protocol
// version 1 line containing NULL character should be rejected.
func TestH2H1ProxyProtocolV1EmbeddedNULL(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
b := []byte("PROXY TCP6 ::1*foo ::1 12345 8080\r\n")
b[14] = 0
st.conn.Write(b)
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1EmbeddedNULL",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1MissingSrcPort tests that PROXY protocol
// version 1 line without src port should be rejected.
func TestH2H1ProxyProtocolV1MissingSrcPort(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1MissingSrcPort",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1MissingDstPort tests that PROXY protocol
// version 1 line without dst port should be rejected.
func TestH2H1ProxyProtocolV1MissingDstPort(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 \r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1MissingDstPort",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1InvalidSrcPort tests that PROXY protocol
// containing invalid src port should be rejected.
func TestH2H1ProxyProtocolV1InvalidSrcPort(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 123x 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1InvalidSrcPort",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1InvalidDstPort tests that PROXY protocol
// containing invalid dst port should be rejected.
func TestH2H1ProxyProtocolV1InvalidDstPort(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 123456 80x\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1InvalidDstPort",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1LeadingZeroPort tests that PROXY protocol
// version 1 line with non zero port with leading zero should be
// rejected.
func TestH2H1ProxyProtocolV1LeadingZeroPort(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 03000 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1LeadingZeroPort",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1TooLargeSrcPort tests that PROXY protocol
// containing too large src port should be rejected.
func TestH2H1ProxyProtocolV1TooLargeSrcPort(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 65536 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1TooLargeSrcPort",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1TooLargeDstPort tests that PROXY protocol
// containing too large dst port should be rejected.
func TestH2H1ProxyProtocolV1TooLargeDstPort(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 ::1 12345 65536\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1TooLargeDstPort",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1InvalidSrcAddr tests that PROXY protocol
// containing invalid src addr should be rejected.
func TestH2H1ProxyProtocolV1InvalidSrcAddr(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 192.168.0.1 ::1 12345 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1InvalidSrcAddr",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1InvalidDstAddr tests that PROXY protocol
// containing invalid dst addr should be rejected.
func TestH2H1ProxyProtocolV1InvalidDstAddr(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY TCP6 ::1 192.168.0.1 12345 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1InvalidDstAddr",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1InvalidProtoFamily tests that PROXY protocol
// containing invalid protocol family should be rejected.
func TestH2H1ProxyProtocolV1InvalidProtoFamily(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PROXY UNIX ::1 ::1 12345 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1InvalidProtoFamily",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV1InvalidID tests that PROXY protocol
// containing invalid PROXY protocol version 1 ID should be rejected.
func TestH2H1ProxyProtocolV1InvalidID(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
st.conn.Write([]byte("PR0XY TCP6 ::1 ::1 12345 8080\r\n"))
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV1InvalidID",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV2TCP4 tests PROXY protocol version 2
// containing AF_INET family is accepted and X-Forwarded-For contains
// advertised src address.
func TestH2H1ProxyProtocolV2TCP4(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("X-Forwarded-For"), "192.168.0.2"; got != want {
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
}
if got, want := r.Header.Get("Forwarded"), "for=192.168.0.2"; got != want {
t.Errorf("Forwarded: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
var b bytes.Buffer
writeProxyProtocolV2(&b, proxyProtocolV2{
command: proxyProtocolV2CommandProxy,
sourceAddress: &net.TCPAddr{
IP: net.ParseIP("192.168.0.2").To4(),
Port: 12345,
},
destinationAddress: &net.TCPAddr{
IP: net.ParseIP("192.168.0.100").To4(),
Port: 8080,
},
additionalData: []byte("foobar"),
})
st.conn.Write(b.Bytes())
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV2TCP4",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV2TCP6 tests PROXY protocol version 2
// containing AF_INET6 family is accepted and X-Forwarded-For contains
// advertised src address.
func TestH2H1ProxyProtocolV2TCP6(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("X-Forwarded-For"), "2001:db8:85a3::8a2e:370:7334"; got != want {
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
}
if got, want := r.Header.Get("Forwarded"), `for="[2001:db8:85a3::8a2e:370:7334]"`; got != want {
t.Errorf("Forwarded: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
var b bytes.Buffer
writeProxyProtocolV2(&b, proxyProtocolV2{
command: proxyProtocolV2CommandProxy,
sourceAddress: &net.TCPAddr{
IP: net.ParseIP("2001:0db8:85a3:0000:0000:8a2e:0370:7334"),
Port: 12345,
},
destinationAddress: &net.TCPAddr{
IP: net.ParseIP("::1"),
Port: 8080,
},
additionalData: []byte("foobar"),
})
st.conn.Write(b.Bytes())
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV2TCP6",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV2Local tests PROXY protocol version 2
// containing cmd == Local is ignored.
func TestH2H1ProxyProtocolV2Local(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("X-Forwarded-For"), "127.0.0.1"; got != want {
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
}
if got, want := r.Header.Get("Forwarded"), "for=127.0.0.1"; got != want {
t.Errorf("Forwarded: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
var b bytes.Buffer
writeProxyProtocolV2(&b, proxyProtocolV2{
command: proxyProtocolV2CommandLocal,
sourceAddress: &net.TCPAddr{
IP: net.ParseIP("192.168.0.2").To4(),
Port: 12345,
},
destinationAddress: &net.TCPAddr{
IP: net.ParseIP("192.168.0.100").To4(),
Port: 8080,
},
additionalData: []byte("foobar"),
})
st.conn.Write(b.Bytes())
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV2Local",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV2UnknownCmd tests PROXY protocol version 2
// containing unknown cmd should be rejected.
func TestH2H1ProxyProtocolV2UnknownCmd(t *testing.T) {
opts := options{
args: []string{"--accept-proxy-protocol"},
}
st := newServerTester(t, opts)
defer st.Close()
var b bytes.Buffer
writeProxyProtocolV2(&b, proxyProtocolV2{
command: 0xf,
sourceAddress: &net.TCPAddr{
IP: net.ParseIP("192.168.0.2").To4(),
Port: 12345,
},
destinationAddress: &net.TCPAddr{
IP: net.ParseIP("192.168.0.100").To4(),
Port: 8080,
},
additionalData: []byte("foobar"),
})
st.conn.Write(b.Bytes())
_, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV2UnknownCmd",
})
if err == nil {
t.Fatalf("connection was not terminated")
}
}
// TestH2H1ProxyProtocolV2Unix tests PROXY protocol version 2
// containing AF_UNIX family is ignored.
func TestH2H1ProxyProtocolV2Unix(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("X-Forwarded-For"), "127.0.0.1"; got != want {
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
}
if got, want := r.Header.Get("Forwarded"), "for=127.0.0.1"; got != want {
t.Errorf("Forwarded: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
var b bytes.Buffer
writeProxyProtocolV2(&b, proxyProtocolV2{
command: proxyProtocolV2CommandProxy,
sourceAddress: &net.UnixAddr{
Name: "/foo",
Net: "unix",
},
destinationAddress: &net.UnixAddr{
Name: "/bar",
Net: "unix",
},
additionalData: []byte("foobar"),
})
st.conn.Write(b.Bytes())
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV2Unix",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ProxyProtocolV2Unspec tests PROXY protocol version 2
// containing AF_UNSPEC family is ignored.
func TestH2H1ProxyProtocolV2Unspec(t *testing.T) {
opts := options{
args: []string{
"--accept-proxy-protocol",
"--add-x-forwarded-for",
"--add-forwarded=for",
"--forwarded-for=ip",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("X-Forwarded-For"), "127.0.0.1"; got != want {
t.Errorf("X-Forwarded-For: %v; want %v", got, want)
}
if got, want := r.Header.Get("Forwarded"), "for=127.0.0.1"; got != want {
t.Errorf("Forwarded: %v; want %v", got, want)
}
},
}
st := newServerTester(t, opts)
defer st.Close()
var b bytes.Buffer
writeProxyProtocolV2(&b, proxyProtocolV2{
command: proxyProtocolV2CommandProxy,
additionalData: []byte("foobar"),
})
st.conn.Write(b.Bytes())
res, err := st.http2(requestParam{
name: "TestH2H1ProxyProtocolV2Unspec",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ExternalDNS tests that DNS resolution using external DNS
// with HTTP/1 backend works.
func TestH2H1ExternalDNS(t *testing.T) {
opts := options{
args: []string{"--external-dns"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1ExternalDNS",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1DNS tests that DNS resolution without external DNS with
// HTTP/1 backend works.
func TestH2H1DNS(t *testing.T) {
opts := options{
args: []string{"--dns"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1DNS",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1HTTPSRedirect tests that the request to the backend which
// requires TLS is redirected to https URI.
func TestH2H1HTTPSRedirect(t *testing.T) {
opts := options{
args: []string{"--redirect-if-not-tls"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1HTTPSRedirect",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 308; got != want {
t.Errorf("status = %v; want %v", got, want)
}
if got, want := res.header.Get("location"), "https://127.0.0.1/"; got != want {
t.Errorf("location: %v; want %v", got, want)
}
}
// TestH2H1HTTPSRedirectPort tests that the request to the backend
// which requires TLS is redirected to https URI with given port.
func TestH2H1HTTPSRedirectPort(t *testing.T) {
opts := options{
args: []string{
"--redirect-if-not-tls",
"--redirect-https-port=8443",
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
path: "/foo?bar",
name: "TestH2H1HTTPSRedirectPort",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 308; got != want {
t.Errorf("status = %v; want %v", got, want)
}
if got, want := res.header.Get("location"), "https://127.0.0.1:8443/foo?bar"; got != want {
t.Errorf("location: %v; want %v", got, want)
}
}
// TestH2H1Code204 tests that 204 response without content-length, and
// transfer-encoding is valid.
func TestH2H1Code204(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNoContent)
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1Code204",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 204; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1Code204CL0 tests that 204 response with content-length: 0
// is allowed.
func TestH2H1Code204CL0(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
return
}
conn, bufrw, err := hj.Hijack()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
defer conn.Close()
bufrw.WriteString("HTTP/1.1 204\r\nContent-Length: 0\r\n\r\n")
bufrw.Flush()
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1Code204CL0",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 204; got != want {
t.Errorf("status = %v; want %v", got, want)
}
if got, found := res.header["Content-Length"]; found {
t.Errorf("Content-Length = %v, want nothing", got)
}
}
// TestH2H1Code204CLNonzero tests that 204 response with nonzero
// content-length is not allowed.
func TestH2H1Code204CLNonzero(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
return
}
conn, bufrw, err := hj.Hijack()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
defer conn.Close()
bufrw.WriteString("HTTP/1.1 204\r\nContent-Length: 1\r\n\r\n")
bufrw.Flush()
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1Code204CLNonzero",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 502; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1Code204TE tests that 204 response with transfer-encoding is
// not allowed.
func TestH2H1Code204TE(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
return
}
conn, bufrw, err := hj.Hijack()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
defer conn.Close()
bufrw.WriteString("HTTP/1.1 204\r\nTransfer-Encoding: chunked\r\n\r\n")
bufrw.Flush()
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1Code204TE",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 502; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1AffinityCookie tests that affinity cookie is sent back in
// cleartext http.
func TestH2H1AffinityCookie(t *testing.T) {
opts := options{
args: []string{"--affinity-cookie"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AffinityCookie",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
const pattern = `affinity=[0-9a-f]{8}; Path=/foo/bar`
validCookie := regexp.MustCompile(pattern)
if got := res.header.Get("Set-Cookie"); !validCookie.MatchString(got) {
t.Errorf("Set-Cookie: %v; want pattern %v", got, pattern)
}
}
// TestH2H1AffinityCookieTLS tests that affinity cookie is sent back
// in https.
func TestH2H1AffinityCookieTLS(t *testing.T) {
opts := options{
args: []string{"--affinity-cookie"},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1AffinityCookieTLS",
scheme: "https",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
const pattern = `affinity=[0-9a-f]{8}; Path=/foo/bar; Secure`
validCookie := regexp.MustCompile(pattern)
if got := res.header.Get("Set-Cookie"); !validCookie.MatchString(got) {
t.Errorf("Set-Cookie: %v; want pattern %v", got, pattern)
}
}
// TestH2H1GracefulShutdown tests graceful shutdown.
func TestH2H1GracefulShutdown(t *testing.T) {
st := newServerTester(t, options{})
defer st.Close()
fmt.Fprint(st.conn, "PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n")
if err := st.fr.WriteSettings(); err != nil {
t.Fatalf("st.fr.WriteSettings(): %v", err)
}
header := []hpack.HeaderField{
pair(":method", "GET"),
pair(":scheme", "http"),
pair(":authority", st.authority),
pair(":path", "/"),
}
for _, h := range header {
_ = st.enc.WriteField(h)
}
if err := st.fr.WriteHeaders(http2.HeadersFrameParam{
StreamID: 1,
EndStream: false,
EndHeaders: true,
BlockFragment: st.headerBlkBuf.Bytes(),
}); err != nil {
t.Fatalf("st.fr.WriteHeaders(): %v", err)
}
// send SIGQUIT signal to nghttpx to perform graceful shutdown
st.cmd.Process.Signal(syscall.SIGQUIT)
time.Sleep(150 * time.Millisecond)
// after signal, finish request body
if err := st.fr.WriteData(1, true, nil); err != nil {
t.Fatalf("st.fr.WriteData(): %v", err)
}
numGoAway := 0
for {
fr, err := st.readFrame()
if err != nil {
if err == io.EOF {
want := 2
if got := numGoAway; got != want {
t.Fatalf("numGoAway: %v; want %v", got, want)
}
return
}
t.Fatalf("st.readFrame(): %v", err)
}
switch f := fr.(type) {
case *http2.GoAwayFrame:
numGoAway += 1
want := http2.ErrCodeNo
if got := f.ErrCode; got != want {
t.Fatalf("f.ErrCode(%v): %v; want %v", numGoAway, got, want)
}
switch numGoAway {
case 1:
want := (uint32(1) << 31) - 1
if got := f.LastStreamID; got != want {
t.Fatalf("f.LastStreamID(%v): %v; want %v", numGoAway, got, want)
}
case 2:
want := uint32(1)
if got := f.LastStreamID; got != want {
t.Fatalf("f.LastStreamID(%v): %v; want %v", numGoAway, got, want)
}
case 3:
t.Fatalf("too many GOAWAYs received")
}
}
}
}
// TestH2H2MultipleResponseCL tests that server returns error if
// multiple Content-Length response header fields are received.
func TestH2H2MultipleResponseCL(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("content-length", "1")
w.Header().Add("content-length", "1")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2MultipleResponseCL",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeInternal; got != want {
t.Errorf("res.errCode: %v; want %v", got, want)
}
}
// TestH2H2InvalidResponseCL tests that server returns error if
// Content-Length response header field value cannot be parsed as a
// number.
func TestH2H2InvalidResponseCL(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("content-length", "")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2InvalidResponseCL",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeInternal; got != want {
t.Errorf("res.errCode: %v; want %v", got, want)
}
}
// // TestH2H2ConnectFailure tests that server handles the situation that
// // connection attempt to HTTP/2 backend failed.
// func TestH2H2ConnectFailure(t *testing.T) {
// opts := options{
// args: []string{"--http2-bridge"},
// }
// st := newServerTester(t, opts)
// defer st.Close()
// // simulate backend connect attempt failure
// st.ts.Close()
// res, err := st.http2(requestParam{
// name: "TestH2H2ConnectFailure",
// })
// if err != nil {
// t.Fatalf("Error st.http2() = %v", err)
// }
// want := 503
// if got := res.status; got != want {
// t.Errorf("status: %v; want %v", got, want)
// }
// }
// TestH2H2HostRewrite tests that server rewrites host header field
func TestH2H2HostRewrite(t *testing.T) {
opts := options{
args: []string{"--http2-bridge", "--host-rewrite"},
handler: func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2HostRewrite",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := res.header.Get("request-host"), st.backendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
}
// TestH2H2NoHostRewrite tests that server does not rewrite host
// header field
func TestH2H2NoHostRewrite(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(w http.ResponseWriter, r *http.Request) {
w.Header().Add("request-host", r.Host)
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2NoHostRewrite",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
if got, want := res.header.Get("request-host"), st.frontendHost; got != want {
t.Errorf("request-host: %v; want %v", got, want)
}
}
// TestH2H2TLSXfp tests nghttpx sends x-forwarded-proto header field
// with http value since :scheme is http, even if the frontend
// connection is encrypted.
func TestH2H2TLSXfp(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, want := r.Header.Get("x-forwarded-proto"), "http"; got != want {
t.Errorf("x-forwarded-proto: want %v; got %v", want, got)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2TLSXfp",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H2AddXfp tests that server appends :scheme to the existing
// x-forwarded-proto header field.
func TestH2H2AddXfp(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--no-strip-incoming-x-forwarded-proto",
},
handler: func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo, http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2AddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2NoAddXfp tests that server does not append :scheme to the
// existing x-forwarded-proto header field.
func TestH2H2NoAddXfp(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--no-add-x-forwarded-proto",
"--no-strip-incoming-x-forwarded-proto",
},
handler: func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "foo"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2NoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2StripXfp tests that server strips incoming
// x-forwarded-proto header field.
func TestH2H2StripXfp(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(w http.ResponseWriter, r *http.Request) {
xfp := r.Header.Get("X-Forwarded-Proto")
if got, want := xfp, "http"; got != want {
t.Errorf("X-Forwarded-Proto = %q; want %q", got, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2StripXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2StripNoAddXfp tests that server strips incoming
// x-forwarded-proto header field, and does not add another.
func TestH2H2StripNoAddXfp(t *testing.T) {
opts := options{
args: []string{"--http2-bridge", "--no-add-x-forwarded-proto"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, found := r.Header["X-Forwarded-Proto"]; found {
t.Errorf("X-Forwarded-Proto = %q; want nothing", got)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2StripNoAddXfp",
header: []hpack.HeaderField{
pair("x-forwarded-proto", "foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2AddXff tests that server generates X-Forwarded-For header
// field when forwarding request to backend.
func TestH2H2AddXff(t *testing.T) {
opts := options{
args: []string{"--http2-bridge", "--add-x-forwarded-for"},
handler: func(w http.ResponseWriter, r *http.Request) {
xff := r.Header.Get("X-Forwarded-For")
want := "127.0.0.1"
if xff != want {
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2AddXff",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2AddXff2 tests that server appends X-Forwarded-For header
// field to existing one when forwarding request to backend.
func TestH2H2AddXff2(t *testing.T) {
opts := options{
args: []string{"--http2-bridge", "--add-x-forwarded-for"},
handler: func(w http.ResponseWriter, r *http.Request) {
xff := r.Header.Get("X-Forwarded-For")
want := "host, 127.0.0.1"
if xff != want {
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2AddXff2",
header: []hpack.HeaderField{
pair("x-forwarded-for", "host"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2StripXff tests that --strip-incoming-x-forwarded-for
// option.
func TestH2H2StripXff(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--strip-incoming-x-forwarded-for",
},
handler: func(w http.ResponseWriter, r *http.Request) {
if xff, found := r.Header["X-Forwarded-For"]; found {
t.Errorf("X-Forwarded-For = %v; want nothing", xff)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2StripXff",
header: []hpack.HeaderField{
pair("x-forwarded-for", "host"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2StripAddXff tests that --strip-incoming-x-forwarded-for and
// --add-x-forwarded-for options.
func TestH2H2StripAddXff(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--strip-incoming-x-forwarded-for",
"--add-x-forwarded-for",
},
handler: func(w http.ResponseWriter, r *http.Request) {
xff := r.Header.Get("X-Forwarded-For")
want := "127.0.0.1"
if xff != want {
t.Errorf("X-Forwarded-For = %v; want %v", xff, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2StripAddXff",
header: []hpack.HeaderField{
pair("x-forwarded-for", "host"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2AddForwarded tests that server generates Forwarded header
// field using static obfuscated "by" parameter.
func TestH2H2AddForwarded(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--add-forwarded=by,for,host,proto",
"--forwarded-by=_alpha",
},
handler: func(w http.ResponseWriter, r *http.Request) {
pattern := fmt.Sprintf(`by=_alpha;for=_[^;]+;host="127\.0\.0\.1:%v";proto=https`, serverPort)
validFwd := regexp.MustCompile(pattern)
if got := r.Header.Get("Forwarded"); !validFwd.MatchString(got) {
t.Errorf("Forwarded = %v; want pattern %v", got, pattern)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2AddForwarded",
scheme: "https",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H2AddForwardedMerge tests that server generates Forwarded
// header field using static obfuscated "by" parameter, and
// existing Forwarded header field.
func TestH2H2AddForwardedMerge(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--add-forwarded=by,host,proto",
"--forwarded-by=_alpha",
},
handler: func(w http.ResponseWriter, r *http.Request) {
want := fmt.Sprintf(`host=foo, by=_alpha;host="127.0.0.1:%v";proto=https`, serverPort)
if got := r.Header.Get("Forwarded"); got != want {
t.Errorf("Forwarded = %v; want %v", got, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2AddForwardedMerge",
scheme: "https",
header: []hpack.HeaderField{
pair("forwarded", "host=foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H2AddForwardedStrip tests that server generates Forwarded
// header field using static obfuscated "by" parameter, and
// existing Forwarded header field stripped.
func TestH2H2AddForwardedStrip(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--strip-incoming-forwarded",
"--add-forwarded=by,host,proto",
"--forwarded-by=_alpha",
},
handler: func(w http.ResponseWriter, r *http.Request) {
want := fmt.Sprintf(`by=_alpha;host="127.0.0.1:%v";proto=https`, serverPort)
if got := r.Header.Get("Forwarded"); got != want {
t.Errorf("Forwarded = %v; want %v", got, want)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2AddForwardedStrip",
scheme: "https",
header: []hpack.HeaderField{
pair("forwarded", "host=foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H2StripForwarded tests that server strips incoming Forwarded
// header field.
func TestH2H2StripForwarded(t *testing.T) {
opts := options{
args: []string{"--http2-bridge", "--strip-incoming-forwarded"},
handler: func(w http.ResponseWriter, r *http.Request) {
if got, found := r.Header["Forwarded"]; found {
t.Errorf("Forwarded = %v; want nothing", got)
}
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2StripForwarded",
scheme: "https",
header: []hpack.HeaderField{
pair("forwarded", "host=foo"),
},
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status: %v; want %v", got, want)
}
}
// TestH2H2ReqPhaseReturn tests mruby request phase hook returns
// custom response.
func TestH2H2ReqPhaseReturn(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--mruby-file=" + testDir + "/req-return.rb",
},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2ReqPhaseReturn",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 404; got != want {
t.Errorf("status = %v; want %v", got, want)
}
hdtests := []struct {
k, v string
}{
{"content-length", "20"},
{"from", "mruby"},
}
for _, tt := range hdtests {
if got, want := res.header.Get(tt.k), tt.v; got != want {
t.Errorf("%v = %v; want %v", tt.k, got, want)
}
}
if got, want := string(res.body), "Hello World from req"; got != want {
t.Errorf("body = %v; want %v", got, want)
}
}
// TestH2H2RespPhaseReturn tests mruby response phase hook returns
// custom response.
func TestH2H2RespPhaseReturn(t *testing.T) {
opts := options{
args: []string{
"--http2-bridge",
"--mruby-file=" + testDir + "/resp-return.rb",
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2RespPhaseReturn",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 404; got != want {
t.Errorf("status = %v; want %v", got, want)
}
hdtests := []struct {
k, v string
}{
{"content-length", "21"},
{"from", "mruby"},
}
for _, tt := range hdtests {
if got, want := res.header.Get(tt.k), tt.v; got != want {
t.Errorf("%v = %v; want %v", tt.k, got, want)
}
}
if got, want := string(res.body), "Hello World from resp"; got != want {
t.Errorf("body = %v; want %v", got, want)
}
}
// TestH2H2ExternalDNS tests that DNS resolution using external DNS
// with HTTP/2 backend works.
func TestH2H2ExternalDNS(t *testing.T) {
opts := options{
args: []string{"--http2-bridge", "--external-dns"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2ExternalDNS",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2DNS tests that DNS resolution without external DNS with
// HTTP/2 backend works.
func TestH2H2DNS(t *testing.T) {
opts := options{
args: []string{"--http2-bridge", "--dns"},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2DNS",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H2Code204 tests that 204 response without content-length, and
// transfer-encoding is valid.
func TestH2H2Code204(t *testing.T) {
opts := options{
args: []string{"--http2-bridge"},
handler: func(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNoContent)
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H2Code204",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 204; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2APIBackendconfig exercise backendconfig API endpoint routine
// for successful case.
func TestH2APIBackendconfig(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2APIBackendconfig",
path: "/api/v1beta1/backendconfig",
method: "PUT",
body: []byte(`# comment
backend=127.0.0.1,3011
`),
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Success"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 200; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
}
// TestH2APIBackendconfigQuery exercise backendconfig API endpoint
// routine with query.
func TestH2APIBackendconfigQuery(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2APIBackendconfigQuery",
path: "/api/v1beta1/backendconfig?foo=bar",
method: "PUT",
body: []byte(`# comment
backend=127.0.0.1,3011
`),
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Success"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 200; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
}
// TestH2APIBackendconfigBadMethod exercise backendconfig API endpoint
// routine with bad method.
func TestH2APIBackendconfigBadMethod(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2APIBackendconfigBadMethod",
path: "/api/v1beta1/backendconfig",
method: "GET",
body: []byte(`# comment
backend=127.0.0.1,3011
`),
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 405; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Failure"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 405; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
}
// TestH2APIConfigrevision tests configrevision API.
func TestH2APIConfigrevision(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2APIConfigrevision",
path: "/api/v1beta1/configrevision",
method: "GET",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want = %v", got, want)
}
var apiResp APIResponse
d := json.NewDecoder(bytes.NewBuffer(res.body))
d.UseNumber()
err = d.Decode(&apiResp)
if err != nil {
t.Fatalf("Error unmarshalling API response: %v", err)
}
if got, want := apiResp.Status, "Success"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 200; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Data["configRevision"], json.Number("0"); got != want {
t.Errorf(`apiResp.Data["configRevision"]: %v %t; want %v`, got, got, want)
}
}
// TestH2APINotFound exercise backendconfig API endpoint routine when
// API endpoint is not found.
func TestH2APINotFound(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3010;api;no-tls"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3010,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2APINotFound",
path: "/api/notfound",
method: "GET",
body: []byte(`# comment
backend=127.0.0.1,3011
`),
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 404; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
var apiResp APIResponse
err = json.Unmarshal(res.body, &apiResp)
if err != nil {
t.Fatalf("Error unmarshaling API response: %v", err)
}
if got, want := apiResp.Status, "Failure"; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
if got, want := apiResp.Code, 404; got != want {
t.Errorf("apiResp.Status: %v; want %v", got, want)
}
}
// TestH2Healthmon tests health monitor endpoint.
func TestH2Healthmon(t *testing.T) {
opts := options{
args: []string{"-f127.0.0.1,3011;healthmon;no-tls"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatalf("request should not be forwarded")
},
connectPort: 3011,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2Healthmon",
path: "/alpha/bravo",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 200; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2ResponseBeforeRequestEnd tests the situation where response
// ends before request body finishes.
func TestH2ResponseBeforeRequestEnd(t *testing.T) {
opts := options{
args: []string{"--mruby-file=" + testDir + "/req-return.rb"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Fatal("request should not be forwarded")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2ResponseBeforeRequestEnd",
noEndStream: true,
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 404; got != want {
t.Errorf("res.status: %v; want %v", got, want)
}
}
// TestH2H1ChunkedEndsPrematurely tests that a stream is reset if the
// backend chunked encoded response ends prematurely.
func TestH2H1ChunkedEndsPrematurely(t *testing.T) {
opts := options{
handler: func(w http.ResponseWriter, r *http.Request) {
hj, ok := w.(http.Hijacker)
if !ok {
http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
return
}
conn, bufrw, err := hj.Hijack()
if err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
defer conn.Close()
bufrw.WriteString("HTTP/1.1 200\r\nTransfer-Encoding: chunked\r\n\r\n")
bufrw.Flush()
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1ChunkedEndsPrematurely",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.errCode, http2.ErrCodeInternal; got != want {
t.Errorf("res.errCode = %v; want %v", got, want)
}
}
// TestH2H1RequireHTTPSchemeHTTPSWithoutEncryption verifies that https
// scheme in non-encrypted connection is treated as error.
func TestH2H1RequireHTTPSchemeHTTPSWithoutEncryption(t *testing.T) {
opts := options{
args: []string{"--require-http-scheme"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1RequireHTTPSchemeHTTPSWithoutEncryption",
scheme: "https",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 400; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1RequireHTTPSchemeHTTPWithEncryption verifies that http
// scheme in encrypted connection is treated as error.
func TestH2H1RequireHTTPSchemeHTTPWithEncryption(t *testing.T) {
opts := options{
args: []string{"--require-http-scheme"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1RequireHTTPSchemeHTTPWithEncryption",
scheme: "http",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 400; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1RequireHTTPSchemeUnknownSchemeWithoutEncryption verifies
// that unknown scheme in non-encrypted connection is treated as
// error.
func TestH2H1RequireHTTPSchemeUnknownSchemeWithoutEncryption(t *testing.T) {
opts := options{
args: []string{"--require-http-scheme"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1RequireHTTPSchemeUnknownSchemeWithoutEncryption",
scheme: "unknown",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 400; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}
// TestH2H1RequireHTTPSchemeUnknownSchemeWithEncryption verifies that
// unknown scheme in encrypted connection is treated as error.
func TestH2H1RequireHTTPSchemeUnknownSchemeWithEncryption(t *testing.T) {
opts := options{
args: []string{"--require-http-scheme"},
handler: func(w http.ResponseWriter, r *http.Request) {
t.Errorf("server should not forward this request")
},
tls: true,
}
st := newServerTester(t, opts)
defer st.Close()
res, err := st.http2(requestParam{
name: "TestH2H1RequireHTTPSchemeUnknownSchemeWithEncryption",
scheme: "unknown",
})
if err != nil {
t.Fatalf("Error st.http2() = %v", err)
}
if got, want := res.status, 400; got != want {
t.Errorf("status = %v; want %v", got, want)
}
}