async def test_forwarded_strict_untrusted_ip(aiohttp_client):
    """Expect 400 when the Forwarded header arrives outside the trusted list.

    The only trusted hop configured is 20.20.20.20 and the request carries
    ``for=10.10.10.10``.  Presumably the rejection happens because the test
    client's peer address (loopback) is not a trusted proxy -- confirm
    against the ForwardedStrict implementation.
    """
    async def respond(request):
        return web.Response()

    application = web.Application()
    application.router.add_get('/', respond)
    trusted_hops = [['20.20.20.20']]
    await _setup(application, ForwardedStrict(trusted_hops))

    client = await aiohttp_client(application)
    forwarded = {'Forwarded': 'for=10.10.10.10'}
    response = await client.get('/', headers=forwarded)

    # The client-supplied address must not be accepted from this sender.
    assert response.status == 400
async def test_forwarded_strict_no_for(aiohttp_client):
    """Expect 400 when one Forwarded element lacks a ``for`` parameter.

    The header value is joined with ``', '``, so it holds two
    comma-separated elements: ``for=10.10.10.10`` and ``proto=https``.
    The second element has no ``for``.  Two trusted hops are configured
    (127.0.0.1, then 10.10.10.10).
    """
    async def respond(request):
        return web.Response()

    application = web.Application()
    application.router.add_get('/', respond)
    trusted_hops = [['127.0.0.1'], ['10.10.10.10']]
    await _setup(application, ForwardedStrict(trusted_hops))

    client = await aiohttp_client(application)
    # Comma separator: two forwarded elements, not one element with two
    # parameters (that would use ';').
    elements = ['for=10.10.10.10', 'proto=https']
    forwarded = {'Forwarded': ', '.join(elements)}
    response = await client.get('/', headers=forwarded)

    assert response.status == 400
async def test_forwarded_strict_whitelist(aiohttp_client):
    """Expect 200 on a path listed in ``white_paths``, header not applied.

    The trusted list (20.20.20.20) and the header are the same as in the
    untrusted-IP case, but ``'/'`` is whitelisted.  The handler checks that
    ``request.remote`` is still 127.0.0.1, i.e. the ``for=10.10.10.10``
    value was not taken over for the whitelisted path.
    """
    async def respond(request):
        # A failing assert here would surface as a non-200 response, so the
        # status check below also covers this condition.
        assert request.remote == '127.0.0.1'
        return web.Response()

    application = web.Application()
    application.router.add_get('/', respond)
    strict = ForwardedStrict([['20.20.20.20']], white_paths=['/'])
    await _setup(application, strict)

    client = await aiohttp_client(application)
    forwarded = {'Forwarded': 'for=10.10.10.10'}
    response = await client.get('/', headers=forwarded)

    assert response.status == 200
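async def test_forwarded_strict_too_many_for(aiohttp_client):
    """Expect 400 when the header lists more hops than are trusted.

    One trusted hop (127.0.0.1) is configured, while the header carries two
    comma-separated elements, ``for=10.10.10.10`` and ``for=11.11.11.11``.
    This is the case of a sender adding extra ``for`` entries of its own.

    Requests the ``aiohttp_client`` fixture like the other tests in this
    module; ``test_client`` is the deprecated older name of that fixture.
    """
    async def handler(request):
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, ForwardedStrict([['127.0.0.1']]))

    cl = await aiohttp_client(app)
    resp = await cl.get(
        '/', headers={'Forwarded': 'for=10.10.10.10, for=11.11.11.11'})

    # Surplus, unverifiable hops must fail the request rather than be
    # silently truncated or trusted.
    assert resp.status == 400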
async def test_forwarded_strict_no_host(aiohttp_client):
    """Expect 200 for a trusted hop whose element has no ``host``.

    The header value is joined with ``'; '``, so it is a single element
    with two parameters (``for`` and ``proto``).  With 127.0.0.1 as the one
    trusted hop, the handler checks that ``remote`` and ``scheme`` come
    from the header while ``host`` still starts with ``127.0.0.1:``.
    """
    async def respond(request):
        # No host= parameter was sent, so the host is not overridden.
        assert request.host.startswith('127.0.0.1:')
        assert request.scheme == 'https'
        assert request.remote == '10.10.10.10'
        return web.Response()

    application = web.Application()
    application.router.add_get('/', respond)
    trusted_hops = [['127.0.0.1']]
    await _setup(application, ForwardedStrict(trusted_hops))

    client = await aiohttp_client(application)
    parameters = ['for=10.10.10.10', 'proto=https']
    forwarded = {'Forwarded': '; '.join(parameters)}
    response = await client.get('/', headers=forwarded)

    assert response.status == 200