From 8b68438b2e0b38909b5b2f76e22ceccd2fa48278 Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Sat, 22 Oct 2022 11:41:55 +0000 Subject: *) mod_http2: field values (headers and trailers) are stripped of leading/trailing whitespace (space +htab) before being processed or send in a response. This is compatible behaviour to HTTP/1.1 parsers that strip incoming headers of such characters. [Stefan Eissing] - removed intermittent "H2HeaderStrictness" directive again. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1904777 13f79535-47bb-0310-9956-ffa450edef68 --- test/modules/http2/test_203_rfc9113.py | 44 +++++++++++++++++++++------------- 1 file changed, 27 insertions(+), 17 deletions(-) (limited to 'test') diff --git a/test/modules/http2/test_203_rfc9113.py b/test/modules/http2/test_203_rfc9113.py index 326462f739..1fdb2ed4fd 100644 --- a/test/modules/http2/test_203_rfc9113.py +++ b/test/modules/http2/test_203_rfc9113.py @@ -11,8 +11,7 @@ class TestRfc9113: H2Conf(env).add_vhost_test1().install() assert env.apache_restart() == 0 - # by default, we ignore leading/trailing ws - # tests with leading ws are not present as curl seems to silently eat those + # by default, we accept leading/trailing ws in request fields def test_h2_203_01_ws_ignore(self, env): url = env.mkurl("https", "test1", "/") r = env.curl_get(url, options=['-H', 'trailing-space: must not ']) @@ -22,21 +21,32 @@ class TestRfc9113: assert r.exit_code == 0, f'curl output: {r.stderr}' assert r.response["status"] == 200, f'curl output: {r.stdout}' - # When enabled, leading/trailing make the stream RST - # tests with leading ws are not present as curl seems to silently eat those - def test_h2_203_02_ws_reject(self, env): - if not env.h2load_is_at_least('1.50.0'): - pytest.skip(f'need nghttp2 >= 1.50.0') - conf = H2Conf(env) - conf.add([ - "H2HeaderStrictness rfc9113" - ]) - conf.add_vhost_test1() + # response header are also handled, but we strip ws before sending + @pytest.mark.parametrize(["hvalue", "expvalue", "status"], [ + ['"123"', '123', 200], + ['"123 "', '123', 200], # trailing space stripped + ['"123\t"', '123', 200], # trailing tab stripped + ['" 123"', '123', 200], # leading space is stripped + ['" 123"', '123', 200], # leading spaces are stripped + ['"\t123"', '123', 200], # leading tab is stripped + ['"expr=%{unescape:123%0A 123}"', '', 500], # illegal char + ['" \t "', '', 200], # just ws + ]) + def test_h2_203_02(self, env, hvalue, expvalue, status): + hname = 'ap-test-007' + conf = H2Conf(env, extras={ + f'test1.{env.http_tld}': [ + '', + f'Header add {hname} {hvalue}', + '', + ] + }) + conf.add_vhost_test1(proxy_self=True) conf.install() assert env.apache_restart() == 0 - url = env.mkurl("https", "test1", "/") - r = env.curl_get(url, options=['-H', 'trailing-space: must not ']) - assert r.exit_code != 0, f'curl output: {r.stderr}' - r = env.curl_get(url, options=['-H', 'trailing-space: must not\t']) - assert r.exit_code != 0, f'curl output: {r.stderr}' + url = env.mkurl("https", "test1", "/index.html") + r = env.curl_get(url, options=['--http2']) + assert r.response["status"] == status + if int(status) < 400: + assert r.response["header"][hname] == expvalue -- cgit v1.2.1