From 1f5bac15cd8e4393c6da98eb7bb4532133dc6259 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Tue, 21 Dec 2010 01:28:23 +0000
Subject: http: hook up "trust_x_forwarded" to configurator

More config bloat, sadly this is necessary for Rainbows! :<
---
 t/t0016-trust-x-forwarded-false.sh | 30 ++++++++++++++++++++++++++++++
 t/t0017-trust-x-forwarded-true.sh  | 30 ++++++++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
 create mode 100755 t/t0016-trust-x-forwarded-false.sh
 create mode 100755 t/t0017-trust-x-forwarded-true.sh

(limited to 't')

diff --git a/t/t0016-trust-x-forwarded-false.sh b/t/t0016-trust-x-forwarded-false.sh
new file mode 100755
index 0000000..3163690
--- /dev/null
+++ b/t/t0016-trust-x-forwarded-false.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+. ./test-lib.sh
+t_plan 5 "trust_x_forwarded=false configuration test"
+
+t_begin "setup and start" && {
+	unicorn_setup
+	echo "trust_x_forwarded false" >> $unicorn_config
+	unicorn -D -c $unicorn_config env.ru
+	unicorn_wait_start
+}
+
+t_begin "spoofed request with X-Forwarded-Proto does not trigger" && {
+	curl -H 'X-Forwarded-Proto: https' http://$listen/ | \
+		grep -F '"rack.url_scheme"=>"http"'
+}
+
+t_begin "spoofed request with X-Forwarded-SSL does not trigger" && {
+	curl -H 'X-Forwarded-SSL: on' http://$listen/ | \
+		grep -F '"rack.url_scheme"=>"http"'
+}
+
+t_begin "killing succeeds" && {
+	kill $unicorn_pid
+}
+
+t_begin "check stderr has no errors" && {
+	check_stderr
+}
+
+t_done
diff --git a/t/t0017-trust-x-forwarded-true.sh b/t/t0017-trust-x-forwarded-true.sh
new file mode 100755
index 0000000..11103c5
--- /dev/null
+++ b/t/t0017-trust-x-forwarded-true.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+. ./test-lib.sh
+t_plan 5 "trust_x_forwarded=true configuration test"
+
+t_begin "setup and start" && {
+	unicorn_setup
+	echo "trust_x_forwarded true " >> $unicorn_config
+	unicorn -D -c $unicorn_config env.ru
+	unicorn_wait_start
+}
+
+t_begin "spoofed request with X-Forwarded-Proto sets 'https'" && {
+	curl -H 'X-Forwarded-Proto: https' http://$listen/ | \
+		grep -F '"rack.url_scheme"=>"https"'
+}
+
+t_begin "spoofed request with X-Forwarded-SSL sets 'https'" && {
+	curl -H 'X-Forwarded-SSL: on' http://$listen/ | \
+		grep -F '"rack.url_scheme"=>"https"'
+}
+
+t_begin "killing succeeds" && {
+	kill $unicorn_pid
+}
+
+t_begin "check stderr has no errors" && {
+	check_stderr
+}
+
+t_done
-- 
cgit v1.2.3-24-ge0c7