Custom headers with the CLI option --header (#28)

These changes add a command-line option --header, e.g. --header 'Access-Control-Allow-Origin: *'. Basic tests are included for this option. When accepting the argument, a very simple sanitization is made, the string is required to contain ": ", and can’t contain a '\n' character. These checks are far from what is required to truly validate a HTTP header, but will at least detect simple mistakes and forbid the abuse of having arguments that include more than one header, or, worse, that include a body for the response (after "\r\n\r\n"). This should also close the Issue #16 and PR #27, I think, since CORS functionality can be obtained by specifying a custom header.
2023-08-10 21:13:08 +03:00 · 2022-12-06 07:46:52 -03:00
parent 64b03a032e
commit defc1e8ce9
4 changed files with 151 additions and 5 deletions
--- a/devel/run-tests
+++ b/devel/run-tests
@@ -120,6 +120,22 @@ runtests() {
  kill $PID
  wait $PID

+  echo "===> run --header tests"
+  # Wrong flags:
+  ./a.out . --header >/dev/null 2>/dev/null
+  ./a.out . --header missing_colon >/dev/null 2>/dev/null
+  ./a.out . --header $'X-Header: Abusive\r\n\r\nBody' >/dev/null 2>/dev/null
+  # Correct flags:
+  ./a.out $DIR --port $PORT \
+    --header 'X-Header-A: First Value' --header 'X-Header-B: Second Value' \
+    --forward example.com http://www.example.com \
+    >>test.out.stdout 2>>test.out.stderr &
+  PID=$!
+  kill -0 $PID || exit 1
+  python3 test_custom_headers.py
+  kill $PID
+  wait $PID
+
  echo "===> run --forward-https tests"
  ./a.out $DIR --port $PORT --forward-https \
    >>test.out.stdout 2>>test.out.stderr &