# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1650492933 -10800
# Thu Apr 21 01:15:33 2022 +0300
# Node ID bde65a069a0d7ea1d7c456a9b9ed02daf9cb99fb
# Parent 7769bbed69deebfb59b9f312b67788ab75d454c7
Tests: tests for various http header variables.
diff --git a/http_headers_multi.t b/http_headers_multi.t
new file mode 100644
--- /dev/null
+++ b/http_headers_multi.t
@@ -0,0 +1,313 @@
+#!/usr/bin/perl
+
+# (C) Maxim Dounin
+# (C) Nginx, Inc.
+
+# Tests for handling of multiple http headers and access via variables.
+
+###############################################################################
+
+use warnings;
+use strict;
+
+use Test::More;
+use Socket qw/ CRLF /;
+
+BEGIN { use FindBin; chdir($FindBin::Bin); }
+
+use lib 'lib';
+use Test::Nginx;
+
+###############################################################################
+
+select STDERR; $| = 1;
+select STDOUT; $| = 1;
+
+my $t = Test::Nginx->new()->has(qw/http rewrite proxy/)->plan(42);
+
+$t->write_file_expand('nginx.conf', <<'EOF');
+
+%%TEST_GLOBALS%%
+
+daemon off;
+
+events {
+}
+
+http {
+ %%TEST_GLOBALS_HTTP%%
+
+ server {
+ listen 127.0.0.1:8080;
+ server_name localhost;
+
+ location / {
+ add_header X-Forwarded-For $http_x_forwarded_for;
+ add_header X-Cookie $http_cookie;
+ add_header X-Foo $http_foo;
+
+ add_header X-Cookie-Foo $cookie_foo;
+ add_header X-Cookie-Bar $cookie_bar;
+ add_header X-Cookie-Bazz $cookie_bazz;
+
+ return 204;
+ }
+
+ location /s {
+ add_header Cache-Control foo;
+ add_header Cache-Control bar;
+ add_header Cache-Control bazz;
+
+ add_header Link foo;
+ add_header Link bar;
+ add_header Link bazz;
+
+ add_header Foo foo;
+ add_header Foo bar;
+ add_header Foo bazz;
+
+ add_header X-Sent-CC $sent_http_cache_control;
+ add_header X-Sent-Link $sent_http_link;
+ add_header X-Sent-Foo $sent_http_foo;
+
+ return 204;
+ }
+
+ location /t {
+ add_trailer Foo foo;
+ add_trailer Foo bar;
+ add_trailer Foo bazz;
+ add_trailer X-Sent-Trailer-Foo $sent_trailer_foo;
+
+ return 200 "";
+ }
+
+ location /v {
+ add_header X-Forwarded-For $http_x_forwarded_for;
+ add_header X-Cookie $http_cookie;
+
+ add_header X-HTTP-Host $http_host;
+ add_header X-User-Agent $http_user_agent;
+ add_header X-Referer $http_referer;
+ add_header X-Via $http_via;
+
+ add_header X-Content-Length $content_length;
+ add_header X-Content-Type $content_type;
+ add_header X-Host $host;
+ add_header X-Remote-User $remote_user;
+
+ return 204;
+ }
+
+ location /d {
+ return 204;
+ }
+
+ location /u {
+ add_header X-Upstream-Set-Cookie $upstream_http_set_cookie;
+ add_header X-Upstream-Bar $upstream_http_bar;
+
+ add_header X-Upstream-Cookie-Foo $upstream_cookie_foo;
+ add_header X-Upstream-Cookie-Bar $upstream_cookie_bar;
+ add_header X-Upstream-Cookie-Bazz $upstream_cookie_bazz;
+
+ proxy_pass http://127.0.0.1:8080/backend;
+ }
+
+ location /backend {
+ add_header Set-Cookie foo=1;
+ add_header Set-Cookie bar=2;
+ add_header Set-Cookie bazz=3;
+ add_header Bar foo;
+ add_header Bar bar;
+ add_header Bar bazz;
+ return 204;
+ }
+ }
+}
+
+EOF
+
+$t->run();
+
+###############################################################################
+
+# combining multiple headers:
+#
+# $http_cookie, $http_x_forwarded_for, $sent_http_cache_control,
+# and $sent_http_link with special handling, other headers with
+# general handling
+
+# request headers, $http_*
+
+like(get('/', map { "X-Forwarded-For: $_" } qw/ foo bar bazz /),
+ qr/X-Forwarded-For: foo, bar, bazz/, 'multi $http_x_forwarded_for');
+like(get('/', 'Cookie: foo=1', 'Cookie: bar=2', 'Cookie: bazz=3'),
+ qr/X-Cookie: foo=1; bar=2; bazz=3/, 'multi $http_cookie');
+
+TODO: {
+local $TODO = 'not yet';
+
+like(get('/', 'Foo: foo', 'Foo: bar', 'Foo: bazz'),
+ qr/X-Foo: foo, bar, bazz/, 'multi $http_foo');
+
+}
+
+# request cookies, $cookie_*
+
+my $r = get('/', 'Cookie: foo=1', 'Cookie: bar=2', 'Cookie: bazz=3');
+
+like($r, qr/X-Cookie-Foo: 1/, '$cookie_foo');
+like($r, qr/X-Cookie-Bar: 2/, '$cookie_bar');
+like($r, qr/X-Cookie-Bazz: 3/, '$cookie_bazz');
+
+# response headers, $http_*
+
+$r = get('/s');
+
+like($r, qr/X-Sent-CC: foo, bar, bazz/, 'multi $sent_http_cache_control');
+like($r, qr/X-Sent-Link: foo, bar, bazz/, 'multi $sent_http_link');
+
+TODO: {
+local $TODO = 'not yet';
+
+like($r, qr/X-Sent-Foo: foo, bar, bazz/, 'multi $sent_http_foo');
+
+}
+
+# upstream response headers, $upstream_http_*
+
+$r = get('/u');
+
+TODO: {
+local $TODO = 'not yet';
+
+like($r, qr/X-Upstream-Set-Cookie: foo=1, bar=2, bazz=3/,
+ 'multi $upstream_http_set_cookie');
+like($r, qr/X-Upstream-Bar: foo, bar, bazz/, 'multi $upstream_http_bar');
+
+}
+
+# upstream response cookies, $upstream_cookie_*
+
+like($r, qr/X-Upstream-Cookie-Foo: 1/, '$upstream_cookie_foo');
+like($r, qr/X-Upstream-Cookie-Bar: 2/, '$upstream_cookie_bar');
+like($r, qr/X-Upstream-Cookie-Bazz: 3/, '$upstream_cookie_bazz');
+
+# response trailers, $sent_trailer_*
+
+TODO: {
+local $TODO = 'not yet';
+
+like(get('/t'), qr/X-Sent-Trailer-Foo: foo, bar, bazz/,
+ 'multi $sent_trailer_foo');
+
+}
+
+# various variables for request headers:
+#
+# $http_host, $http_user_agent, $http_referer
+# multiple Host, User-Agent, Referer headers are invalid, but we currently
+# reject only requests with multiple Host headers
+#
+# $http_via, $http_x_forwarded_for, $http_cookie
+# multiple headers are valid
+
+like(get('/v'), qr/X-HTTP-Host: localhost/, '$http_host');
+like(get('/v', 'Host: foo', 'Host: bar'),
+ qr/400 Bad/, 'duplicate host rejected');
+
+TODO: {
+local $TODO = 'not yet';
+
+like(get('/v', 'User-Agent: foo', 'User-Agent: bar'),
+ qr/X-User-Agent: foo, bar/, 'multi $http_user_agent (invalid)');
+like(get('/v', 'Referer: foo', 'Referer: bar'),
+ qr/X-Referer: foo, bar/, 'multi $http_referer (invalid)');
+like(get('/v', 'Via: foo', 'Via: bar', 'Via: bazz'),
+ qr/X-Via: foo, bar, bazz/, 'multi $http_via');
+
+}
+
+like(get('/v', 'Cookie: foo', 'Cookie: bar', 'Cookie: bazz'),
+ qr/X-Cookie: foo; bar; bazz/, 'multi $http_cookie');
+like(get('/v', 'X-Forwarded-For: foo', 'X-Forwarded-For: bar',
+ 'X-Forwarded-For: bazz'),
+ qr/X-Forwarded-For: foo, bar, bazz/, 'multi $http_x_forwarded_for');
+
+# other variables related to request headers:
+#
+# $content_length, $content_type, $host, $remote_user
+
+like(get('/v', 'Content-Length: 0'),
+ qr/X-Content-Length: 0/, '$content_length');
+like(get('/v', 'Content-Length: 0', 'Content-Length: 0'),
+ qr/400 Bad/, 'duplicate Content-Length rejected');
+
+like(get('/v', 'Content-Type: foo'),
+ qr/X-Content-Type: foo/, '$content_type');
+
+TODO: {
+local $TODO = 'not yet';
+
+like(get('/v', 'Content-Type: foo', 'Content-Type: bar'),
+ qr/X-Content-Type: foo, bar/, 'multi $content_type (invalid)');
+
+}
+
+like(http("GET /v HTTP/1.0" . CRLF . CRLF),
+ qr/X-Host: localhost/, '$host from server_name');
+like(http("GET /v HTTP/1.0" . CRLF . "Host: foo" . CRLF . CRLF),
+ qr/X-Host: foo/, '$host');
+like(http("GET /v HTTP/1.0" . CRLF . "Host: foo" . CRLF .
+ "Host: bar" . CRLF . CRLF),
+ qr/400 Bad/, 'duplicate host rejected');
+
+like(get('/v', 'Authorization: Basic dXNlcjpzZWNyZXQ='),
+ qr/X-Remote-User: user/, '$remote_user');
+like(get('/v', 'Authorization: Basic dXNlcjpzZWNyZXQ=',
+ 'Authorization: Basic dXNlcjpzZWNyZXQ='),
+ qr/400 Bad/, 'duplicate authorization rejected');
+
+# request headers required to be unique:
+#
+# Host, If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match,
+# Content-Length, Content-Range, If-Range, Transfer-Encoding, Expect,
+# Authorization
+
+like(get('/d', 'Host: foo', 'Host: bar'),
+ qr/400 Bad/, 'duplicate Host rejected');
+like(get('/d', 'If-Modified-Since: foo', 'If-Modified-Since: bar'),
+ qr/400 Bad/, 'duplicate If-Modified-Since rejected');
+like(get('/d', 'If-Unmodified-Since: foo', 'If-Unmodified-Since: bar'),
+ qr/400 Bad/, 'duplicate If-Unmodified-Since rejected');
+like(get('/d', 'If-Match: foo', 'If-Match: bar'),
+ qr/400 Bad/, 'duplicate If-Match rejected');
+like(get('/d', 'If-None-Match: foo', 'If-None-Match: bar'),
+ qr/400 Bad/, 'duplicate If-None-Match rejected');
+like(get('/d', 'Content-Length: 0', 'Content-Length: 0'),
+ qr/400 Bad/, 'duplicate Content-Length rejected');
+like(get('/d', 'Content-Range: foo', 'Content-Range: bar'),
+ qr/400 Bad/, 'duplicate Content-Range rejected');
+like(get('/d', 'If-Range: foo', 'If-Range: bar'),
+ qr/400 Bad/, 'duplicate If-Range rejected');
+like(get('/d', 'Transfer-Encoding: foo', 'Transfer-Encoding: bar'),
+ qr/400 Bad/, 'duplicate Transfer-Encoding rejected');
+like(get('/d', 'Expect: foo', 'Expect: bar'),
+ qr/400 Bad/, 'duplicate Expect rejected');
+like(get('/d', 'Authorization: foo', 'Authorization: bar'),
+ qr/400 Bad/, 'duplicate Authorization rejected');
+
+###############################################################################
+
+sub get {
+ my ($url, @headers) = @_;
+ return http(
+ "GET $url HTTP/1.1" . CRLF .
+ 'Host: localhost' . CRLF .
+ 'Connection: close' . CRLF .
+ join(CRLF, @headers) . CRLF . CRLF
+ );
+}
+
+###############################################################################
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
