author | Eric Wong <normalperson@yhbt.net> | 2010-12-20 22:05:50 +0000 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-12-20 22:05:50 +0000 |
commit | bf64b9aa855cf3590a4d5b4eca853aef33ba90cc (patch) | |
tree | 0867d533bd3f79ebf336d0fda2667bb8f787e875 /test/unit | |
parent | 8be3668c11cf721960581e325b481c105e8f3c89 (diff) | |
download | unicorn-bf64b9aa855cf3590a4d5b4eca853aef33ba90cc.tar.gz |
Evil clients may be exposed to the Unicorn parser via Rainbows!, so we'll allow people to turn off blindly trusting certain X-Forwarded* headers for "rack.url_scheme" and rely on middleware to handle it.
Diffstat (limited to 'test/unit')
-rw-r--r-- | test/unit/test_http_parser_xftrust.rb | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/test/unit/test_http_parser_xftrust.rb b/test/unit/test_http_parser_xftrust.rb
new file mode 100644
index 0000000..8c3db40
--- /dev/null
+++ b/test/unit/test_http_parser_xftrust.rb
@@ -0,0 +1,38 @@
+# -*- encoding: binary -*-
+require 'test/test_helper'
+
+include Unicorn
+
+class HttpParserXFTrustTest < Test::Unit::TestCase
+ def setup
+ assert HttpParser.x_forwarded_trust?
+ end
+
+ def test_xf_trust_false_xfp
+ HttpParser.x_forwarded_trust = false
+ parser = HttpParser.new
+ parser.buf << "GET / HTTP/1.1\r\nHost: foo:\r\n" \
+ "X-Forwarded-Proto: https\r\n\r\n"
+ env = parser.parse
+ assert_kind_of Hash, env
+ assert_equal 'foo', env['SERVER_NAME']
+ assert_equal '80', env['SERVER_PORT']
+ assert_equal 'http', env['rack.url_scheme']
+ end
+
+ def test_xf_trust_false_xfs
+ HttpParser.x_forwarded_trust = false
+ parser = HttpParser.new
+ parser.buf << "GET / HTTP/1.1\r\nHost: foo:\r\n" \
+ "X-Forwarded-SSL: on\r\n\r\n"
+ env = parser.parse
+ assert_kind_of Hash, env
+ assert_equal 'foo', env['SERVER_NAME']
+ assert_equal '80', env['SERVER_PORT']
+ assert_equal 'http', env['rack.url_scheme']
+ end
+
+ def teardown
+ HttpParser.x_forwarded_trust = true
+ end
+end |
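Review bot: Both tests check only the derived keys (`rack.url_scheme`, `SERVER_PORT`) with trust disabled; neither asserts that the raw header still reaches the env, which the commit message depends on when it defers the decision to middleware. Assuming the parser exposes it under the usual CGI-style key, `assert_equal 'https', env['HTTP_X_FORWARDED_PROTO']` in `test_xf_trust_false_xfp` (and the matching `HTTP_X_FORWARDED_SSL` check in the `xfs` test) would pin that. Separately, `x_forwarded_trust` is set on the class rather than on a parser instance, and `teardown` hard-codes `true`; saving the value in `setup` (`@xf_trust = HttpParser.x_forwarded_trust?`) and restoring it (`HttpParser.x_forwarded_trust = @xf_trust`) keeps the test correct if the default ever changes. A short comment above `setup` stating that trusting is the default, and that deployments exposed directly to clients should turn it off, would document why the assertion is there.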