1
0
mirror of https://github.com/containous/traefik.git synced 2024-12-22 13:34:03 +03:00
traefik/integration/headers_test.go

225 lines
6.3 KiB
Go
Raw Normal View History

2019-04-02 11:40:04 +03:00
package integration
import (
"net"
2019-04-02 11:40:04 +03:00
"net/http"
"net/http/httptest"
"testing"
2019-04-02 11:40:04 +03:00
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/stretchr/testify/suite"
2023-02-03 17:24:05 +03:00
"github.com/traefik/traefik/v3/integration/try"
2019-04-02 11:40:04 +03:00
)
2020-05-11 13:06:07 +03:00
// Headers tests suite.
2019-04-02 11:40:04 +03:00
type HeadersSuite struct{ BaseSuite }
func TestHeadersSuite(t *testing.T) {
suite.Run(t, new(HeadersSuite))
}
func (s *HeadersSuite) TestSimpleConfiguration() {
s.traefikCmd(withConfigFile("fixtures/headers/basic.toml"))
2019-04-02 11:40:04 +03:00
// Expected a 404 as we did not configure anything
err := try.GetRequest("http://127.0.0.1:8000/", 1000*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
require.NoError(s.T(), err)
2019-04-02 11:40:04 +03:00
}
func (s *HeadersSuite) TestReverseProxyHeaderRemoved() {
file := s.adaptFile("fixtures/headers/remove_reverseproxy_headers.toml", struct{}{})
s.traefikCmd(withConfigFile(file))
handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
_, found := r.Header["X-Forwarded-Host"]
assert.True(s.T(), found)
_, found = r.Header["Foo"]
assert.False(s.T(), found)
_, found = r.Header["X-Forwarded-For"]
assert.False(s.T(), found)
})
listener, err := net.Listen("tcp", "127.0.0.1:9000")
require.NoError(s.T(), err)
ts := &httptest.Server{
Listener: listener,
Config: &http.Server{Handler: handler},
}
ts.Start()
defer ts.Close()
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
require.NoError(s.T(), err)
req.Host = "test.localhost"
req.Header = http.Header{
"Foo": {"bar"},
}
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
}
func (s *HeadersSuite) TestCorsResponses() {
file := s.adaptFile("fixtures/headers/cors.toml", struct{}{})
s.traefikCmd(withConfigFile(file))
2019-04-02 11:40:04 +03:00
backend := startTestServer("9000", http.StatusOK, "")
2019-07-12 12:46:04 +03:00
defer backend.Close()
err := try.GetRequest(backend.URL, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
2019-07-12 12:46:04 +03:00
2019-04-02 11:40:04 +03:00
testCase := []struct {
desc string
requestHeaders http.Header
expected http.Header
2019-07-12 12:46:04 +03:00
reqHost string
method string
2019-04-02 11:40:04 +03:00
}{
{
desc: "simple access control allow origin",
requestHeaders: http.Header{
"Origin": {"https://foo.bar.org"},
},
expected: http.Header{
"Access-Control-Allow-Origin": {"https://foo.bar.org"},
"Vary": {"Origin"},
},
2019-07-12 12:46:04 +03:00
reqHost: "test.localhost",
method: http.MethodGet,
2019-04-02 11:40:04 +03:00
},
{
desc: "simple preflight request",
requestHeaders: http.Header{
"Access-Control-Request-Headers": {"origin"},
"Access-Control-Request-Method": {"GET", "OPTIONS"},
"Origin": {"https://foo.bar.org"},
},
expected: http.Header{
"Access-Control-Allow-Origin": {"https://foo.bar.org"},
"Access-Control-Max-Age": {"100"},
"Access-Control-Allow-Methods": {"GET,OPTIONS,PUT"},
},
2019-07-12 12:46:04 +03:00
reqHost: "test.localhost",
method: http.MethodOptions,
},
{
desc: "preflight Options request with no cors configured",
requestHeaders: http.Header{
"Access-Control-Request-Headers": {"origin"},
"Access-Control-Request-Method": {"GET", "OPTIONS"},
"Origin": {"https://foo.bar.org"},
},
expected: http.Header{
"X-Custom-Response-Header": {"True"},
},
reqHost: "test2.localhost",
method: http.MethodOptions,
},
{
desc: "preflight Get request with no cors configured",
requestHeaders: http.Header{
"Access-Control-Request-Headers": {"origin"},
"Access-Control-Request-Method": {"GET", "OPTIONS"},
"Origin": {"https://foo.bar.org"},
},
expected: http.Header{
"X-Custom-Response-Header": {"True"},
},
reqHost: "test2.localhost",
method: http.MethodGet,
2019-04-02 11:40:04 +03:00
},
}
for _, test := range testCase {
2019-07-12 12:46:04 +03:00
req, err := http.NewRequest(test.method, "http://127.0.0.1:8000/", nil)
require.NoError(s.T(), err)
2019-07-12 12:46:04 +03:00
req.Host = test.reqHost
2019-04-02 11:40:04 +03:00
req.Header = test.requestHeaders
2019-07-12 12:46:04 +03:00
err = try.Request(req, 500*time.Millisecond, try.HasHeaderStruct(test.expected))
require.NoError(s.T(), err)
2019-04-02 11:40:04 +03:00
}
}
2019-07-29 17:12:05 +03:00
func (s *HeadersSuite) TestSecureHeadersResponses() {
file := s.adaptFile("fixtures/headers/secure.toml", struct{}{})
s.traefikCmd(withConfigFile(file))
2019-07-29 17:12:05 +03:00
backend := startTestServer("9000", http.StatusOK, "")
2019-07-29 17:12:05 +03:00
defer backend.Close()
err := try.GetRequest(backend.URL, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
2019-07-29 17:12:05 +03:00
testCase := []struct {
desc string
expected http.Header
reqHost string
internalReqHost string
2019-07-29 17:12:05 +03:00
}{
{
desc: "Permissions-Policy Set",
2019-07-29 17:12:05 +03:00
expected: http.Header{
"Permissions-Policy": {"microphone=(),"},
2019-07-29 17:12:05 +03:00
},
reqHost: "test.localhost",
internalReqHost: "internal.localhost",
2019-07-29 17:12:05 +03:00
},
}
for _, test := range testCase {
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
require.NoError(s.T(), err)
2019-07-29 17:12:05 +03:00
req.Host = test.reqHost
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasHeaderStruct(test.expected))
require.NoError(s.T(), err)
req, err = http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/api/rawdata", nil)
require.NoError(s.T(), err)
req.Host = test.internalReqHost
err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK), try.HasHeaderStruct(test.expected))
require.NoError(s.T(), err)
2019-07-29 17:12:05 +03:00
}
}
func (s *HeadersSuite) TestMultipleSecureHeadersResponses() {
file := s.adaptFile("fixtures/headers/secure_multiple.toml", struct{}{})
s.traefikCmd(withConfigFile(file))
2020-07-22 15:39:45 +03:00
backend := startTestServer("9000", http.StatusOK, "")
defer backend.Close()
err := try.GetRequest(backend.URL, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK))
require.NoError(s.T(), err)
testCase := []struct {
desc string
expected http.Header
reqHost string
}{
{
desc: "Multiple Secure Headers Set",
expected: http.Header{
"X-Frame-Options": {"DENY"},
"X-Content-Type-Options": {"nosniff"},
},
reqHost: "test.localhost",
},
}
for _, test := range testCase {
req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
require.NoError(s.T(), err)
req.Host = test.reqHost
err = try.Request(req, 500*time.Millisecond, try.HasHeaderStruct(test.expected))
require.NoError(s.T(), err)
}
}