thib8956/nginx-proxy
1
0
Fork 0
mirror of https://github.com/thib8956/nginx-proxy synced 2025-02-24 09:48:14 +00:00
Code Issues Releases Wiki Activity
nginx-proxy/test/test_trust-downstream-proxy/test_disabled.py
Richard Hansen 8aa00fcea2 feat: Option to not trust X-Forwarded-* headers from clients 
If header values from a malicious client are passed to the backend
server unchecked and unchanged, the client may be able to subvert
security checks done by the backend server.
2022-12-19 02:48:01 -05:00

21 lines
1.0 KiB
Python
Raw Blame History

import pytest
import re
@pytest.mark.parametrize('url,header,input,want', [
('http://web.nginx-proxy.tld/headers', 'X-Forwarded-Proto', None, 'http'),
('http://web.nginx-proxy.tld/headers', 'X-Forwarded-Proto', 'f00', 'http'),
('https://web.nginx-proxy.tld/headers', 'X-Forwarded-Proto', None, 'https'),
('https://web.nginx-proxy.tld/headers', 'X-Forwarded-Proto', 'f00', 'https'),
('http://web.nginx-proxy.tld/headers', 'X-Forwarded-Port', None, '80'),
('http://web.nginx-proxy.tld/headers', 'X-Forwarded-Port', '1234', '80'),
('https://web.nginx-proxy.tld/headers', 'X-Forwarded-Port', None, '443'),
('https://web.nginx-proxy.tld/headers', 'X-Forwarded-Port', '1234', '443'),
])
def test_downstream_proxy_header(docker_compose, nginxproxy, url, header, input, want):
kwargs = {} if input is None else {'headers': {header: input}}
r = nginxproxy.get(url, **kwargs)
assert r.status_code == 200
assert re.search(fr'(?m)^(?i:{re.escape(header)}): {re.escape(want)}$', r.text)
Reference in New Issue View Git Blame Copy Permalink