Mercurial > hg > nginx-tests
changeset 1713:77a9e393ed46
Tests: added one more Location header escaping test.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Tue, 29 Jun 2021 11:57:40 +0300 |
| parents | 0605f9a6f7b0 |
| children | e4e711d07e6c |
| files | http_absolute_redirect.t |
| diffstat | 1 files changed, 18 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/http_absolute_redirect.t +++ b/http_absolute_redirect.t @@ -76,6 +76,10 @@ http { proxy_pass http://127.0.0.1:8080; } + location '/auto "#%<>?\^`{|}/' { + proxy_pass http://127.0.0.1:8080; + } + location /return301 { return 301 /redirect; } @@ -91,7 +95,7 @@ EOF mkdir($t->testdir() . '/dir'); mkdir($t->testdir() . '/dir sp'); -$t->run()->plan(18); +$t->run()->plan(19); ############################################################################### @@ -159,6 +163,19 @@ like(get('off', '/auto%20sp?a=b'), qr!Lo like(get('off', '/return301'), qr!Location: /redirect\x0d?$!m, 'off return'); +# per RFC 3986, these charaters are not allowed unescaped: +# %00-%1F, %7F-%FF, " ", """, "<", ">", "\", "^", "`", "{", "|", "}" +# additionally, all characters in ESCAPE_URI: "?", "%", "#" + +TODO: { +local $TODO = 'not yet' unless $t->has_version('1.21.1'); + +like(get('off', '/auto%20%22%23%25%3C%3E%3F%5C%5E%60%7B%7C%7D'), + qr!Location: /auto%20%22%23%25%3C%3E%3F%5C%5E%60%7B%7C%7D/\x0d?$!m, + 'auto escaped strict'); + +} + ############################################################################### sub get {