TestCorruptedHeaders tests the middleware when the reverse proxy supplies unparsable content.
(t *testing.T)
| 305 | // TestCorruptedHeaders tests the middleware when the reverse proxy |
| 306 | // supplies unparsable content. |
| 307 | func TestCorruptedHeaders(t *testing.T) { |
| 308 | t.Parallel() |
| 309 | |
| 310 | for _, header := range []string{"Cf-Connecting-Ip", "True-Client-Ip", "X-Real-Ip", "X-Forwarded-For"} { |
| 311 | name := strings.ToLower(header) |
| 312 | |
| 313 | t.Run(name, func(t *testing.T) { |
| 314 | t.Parallel() |
| 315 | |
| 316 | remoteAddr := "10.10.10.10" |
| 317 | |
| 318 | config := &httpmw.RealIPConfig{ |
| 319 | TrustedOrigins: []*net.IPNet{ |
| 320 | { |
| 321 | IP: net.ParseIP("10.0.0.0"), |
| 322 | Mask: net.CIDRMask(8, 32), |
| 323 | }, |
| 324 | }, |
| 325 | TrustedHeaders: []string{ |
| 326 | "Cf-Connecting-Ip", |
| 327 | "X-Forwarded-For", |
| 328 | "X-Real-Ip", |
| 329 | "True-Client-Ip", |
| 330 | }, |
| 331 | } |
| 332 | |
| 333 | middleware := httpmw.ExtractRealIP(config) |
| 334 | |
| 335 | req := httptest.NewRequest(http.MethodGet, "http://localhost", nil) |
| 336 | req.Header.Set(header, "12.34.56!78") |
| 337 | req.RemoteAddr = remoteAddr |
| 338 | |
| 339 | handlerCalled := false |
| 340 | |
| 341 | nextHandler := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { |
| 342 | // Since the header is unparsable, the remoteAddr should be unchanged |
| 343 | require.Equal(t, remoteAddr, req.RemoteAddr, "remote address should be unchanged") |
| 344 | |
| 345 | handlerCalled = true |
| 346 | }) |
| 347 | |
| 348 | middleware(nextHandler).ServeHTTP(httptest.NewRecorder(), req) |
| 349 | |
| 350 | require.True(t, handlerCalled, "expected handler to be invoked") |
| 351 | }) |
| 352 | } |
| 353 | } |
| 354 | |
| 355 | // TestAddressFamilies tests the middleware using different combinations of |
| 356 | // address families for remote and proxy endpoints. |
nothing calls this directly
no test coverage detected