1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
if (this.document === undefined) {
importScripts("/resources/testharness.js");
importScripts("../resources/utils.js");
}
function requestForbiddenHeaders(desc, forbiddenHeaders) {
var url = RESOURCES_DIR + "inspect-headers.py";
var requestInit = {"headers": forbiddenHeaders}
var urlParameters = "?headers=" + Object.keys(forbiddenHeaders).join("|");
promise_test(function(test){
return fetch(url + urlParameters, requestInit).then(function(resp) {
assert_equals(resp.status, 200, "HTTP status is 200");
assert_equals(resp.type , "basic", "Response's type is basic");
for (var header in forbiddenHeaders)
assert_not_equals(resp.headers.get("x-request-" + header), forbiddenHeaders[header], header + " does not have the value we defined");
});
}, desc);
}
requestForbiddenHeaders("Accept-Charset is a forbidden request header", {"Accept-Charset": "utf-8"});
requestForbiddenHeaders("Accept-Encoding is a forbidden request header", {"Accept-Encoding": ""});
requestForbiddenHeaders("Access-Control-Request-Headers is a forbidden request header", {"Access-Control-Request-Headers": ""});
requestForbiddenHeaders("Access-Control-Request-Method is a forbidden request header", {"Access-Control-Request-Method": ""});
requestForbiddenHeaders("Connection is a forbidden request header", {"Connection": "close"});
requestForbiddenHeaders("Content-Length is a forbidden request header", {"Content-Length": "42"});
requestForbiddenHeaders("Cookie is a forbidden request header", {"Cookie": "cookie=none"});
requestForbiddenHeaders("Cookie2 is a forbidden request header", {"Cookie2": "cookie2=none"});
requestForbiddenHeaders("Date is a forbidden request header", {"Date": "Wed, 04 May 1988 22:22:22 GMT"});
requestForbiddenHeaders("DNT is a forbidden request header", {"DNT": "4"});
requestForbiddenHeaders("Expect is a forbidden request header", {"Expect": "100-continue"});
requestForbiddenHeaders("Host is a forbidden request header", {"Host": "http://wrong-host.com"});
requestForbiddenHeaders("Keep-Alive is a forbidden request header", {"Keep-Alive": "timeout=15"});
requestForbiddenHeaders("Origin is a forbidden request header", {"Origin": "http://wrong-origin.com"});
requestForbiddenHeaders("Referer is a forbidden request header", {"Referer": "http://wrong-referer.com"});
requestForbiddenHeaders("TE is a forbidden request header", {"TE": "trailers"});
requestForbiddenHeaders("Trailer is a forbidden request header", {"Trailer": "Accept"});
requestForbiddenHeaders("Transfer-Encoding is a forbidden request header", {"Transfer-Encoding": "chunked"});
requestForbiddenHeaders("Upgrade is a forbidden request header", {"Upgrade": "HTTP/2.0"});
requestForbiddenHeaders("Via is a forbidden request header", {"Via": "1.1 nowhere.com"});
requestForbiddenHeaders("Proxy- is a forbidden request header", {"Proxy-": "value"});
requestForbiddenHeaders("Proxy-Test is a forbidden request header", {"Proxy-Test": "value"});
requestForbiddenHeaders("Sec- is a forbidden request header", {"Sec-": "value"});
requestForbiddenHeaders("Sec-Test is a forbidden request header", {"Sec-Test": "value"});
done();
|
