forked from SVasilev/http-headers-validation
-
Notifications
You must be signed in to change notification settings - Fork 0
/
test.js
71 lines (62 loc) · 3.98 KB
/
test.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
var should = require('should');
var httpHeadersValidation = require('./index');
describe('headers validation module', function() {
describe('validates HTTP header names', function() {
it('should return true for common names', function() {
httpHeadersValidation.validateHeaderName('Cache-Control').should.be.equal(true);
httpHeadersValidation.validateHeaderName('Cookie').should.be.equal(true);
httpHeadersValidation.validateHeaderName('Host').should.be.equal(true);
httpHeadersValidation.validateHeaderName('Content-Type').should.be.equal(true);
});
it('should validate more obscure names', function() {
httpHeadersValidation.validateHeaderName('If-Unmodified-Since').should.be.equal(true);
httpHeadersValidation.validateHeaderName('TE').should.be.equal(true);
httpHeadersValidation.validateHeaderName('Proxy-Authenticate').should.be.equal(true);
httpHeadersValidation.validateHeaderName('Strict-Transport-Security').should.be.equal(true);
});
it('should validate custom header names', function() {
httpHeadersValidation.validateHeaderName('Front-End-Https').should.be.equal(true);
httpHeadersValidation.validateHeaderName('X-Csrf-Token').should.be.equal(true);
httpHeadersValidation.validateHeaderName('X-Forwarded-Host').should.be.equal(true);
httpHeadersValidation.validateHeaderName('My-Custom-Header-05^_`|~!#$%&\'*+-.').should.be.equal(true);
});
it('should return false for invalid header names', function() {
httpHeadersValidation.validateHeaderName({}).should.be.equal(false);
httpHeadersValidation.validateHeaderName('Front-End-[]').should.be.equal(false);
httpHeadersValidation.validateHeaderName('My-Invalid-Header-;').should.be.equal(false);
httpHeadersValidation.validateHeaderName('X-Forwarded-\\').should.be.equal(false);
httpHeadersValidation.validateHeaderName('(X,N)').should.be.equal(false);
});
});
describe('validates HTTP header values', function() {
it('should validate common values', function() {
httpHeadersValidation.validateHeaderValue('public, max-age=2000').should.be.equal(true);
httpHeadersValidation.validateHeaderValue('Secure').should.be.equal(true);
httpHeadersValidation.validateHeaderValue('localhost').should.be.equal(true);
httpHeadersValidation.validateHeaderValue('application/json').should.be.equal(true);
});
it('should validate more obscure values', function() {
httpHeadersValidation.validateHeaderValue('valueWithTabulation\t').should.be.equal(true);
httpHeadersValidation.validateHeaderValue('-05:00').should.be.equal(true);
httpHeadersValidation.validateHeaderValue('VQcFUFFRCBABUFhaAwQOVw==').should.be.equal(true);
httpHeadersValidation.validateHeaderValue('okhttp/2.5.0').should.be.equal(true);
});
it('should return false for invalid header values', function() {
httpHeadersValidation.validateHeaderValue('').should.be.equal(false);
httpHeadersValidation.validateHeaderValue('\n\b').should.be.equal(false); // If charCode < 32
httpHeadersValidation.validateHeaderValue('⌂').should.be.equal(false); // If charCode === 127
httpHeadersValidation.validateHeaderValue('withˆ').should.be.equal(false); // If charCode > 255
});
});
describe('validates HTTP header key-value pairs', function() {
it('should return true for valid header key-value pairs', function() {
httpHeadersValidation.validateHeader('My-Custom-Header-05^_`|~!#$%&\'*+-.', 'valueWithTabulation\t').should.be.equal(true);
});
it('should return false for invalid key-value pairs', function() {
httpHeadersValidation.validateHeader({}, 'application/json').should.be.equal(false);
httpHeadersValidation.validateHeader('Cookie', '').should.be.equal(false);
httpHeadersValidation.validateHeader('My-Invalid-Header-;', 'valueWithTabulation\t').should.be.equal(false);
httpHeadersValidation.validateHeader('Cache-Control', 'withˆ').should.be.equal(false);
});
});
});