|
10 | 10 | //----------------------------------------------------------------------------- |
11 | 11 |
|
12 | 12 | import assert from "node:assert"; |
| 13 | +import { forbiddenMethods, forbiddenRequestHeaders } from "../src/cors.js"; |
13 | 14 | import { MockServer } from "../src/mock-server.js"; |
14 | 15 | import { FetchMocker } from "../src/fetch-mocker.js"; |
15 | 16 | import { CookieCredentials } from "../src/cookie-credentials.js"; |
@@ -1949,6 +1950,94 @@ describe("FetchMocker", () => { |
1949 | 1950 | }); |
1950 | 1951 | }); |
1951 | 1952 | }); |
| 1953 | + |
| 1954 | + describe("Forbidden headers", () => { |
| 1955 | + |
| 1956 | + [...forbiddenRequestHeaders].forEach(header => { |
| 1957 | + it(`should throw an error when the header is ${header}`, async () => { |
| 1958 | + const server = new MockServer(API_URL); |
| 1959 | + const fetchMocker = new FetchMocker({ |
| 1960 | + servers: [server], |
| 1961 | + baseUrl: ALT_BASE_URL, |
| 1962 | + }); |
| 1963 | + const url = new URL("/hello", API_URL); |
| 1964 | + |
| 1965 | + await assert.rejects( |
| 1966 | + fetchMocker.fetch(url, { |
| 1967 | + headers: { |
| 1968 | + [header]: "Foo", |
| 1969 | + }, |
| 1970 | + }), |
| 1971 | + new RegExp(`Header ${header} is not allowed`, "iu"), |
| 1972 | + ); |
| 1973 | + }); |
| 1974 | + }); |
| 1975 | + |
| 1976 | + it("should throw an error when the header begins with sec-", async () => { |
| 1977 | + const server = new MockServer(API_URL); |
| 1978 | + const fetchMocker = new FetchMocker({ |
| 1979 | + servers: [server], |
| 1980 | + baseUrl: ALT_BASE_URL, |
| 1981 | + }); |
| 1982 | + const url = new URL("/hello", API_URL); |
| 1983 | + |
| 1984 | + await assert.rejects( |
| 1985 | + fetchMocker.fetch(url, { |
| 1986 | + headers: { |
| 1987 | + "sec-foo": "Foo", |
| 1988 | + }, |
| 1989 | + }), |
| 1990 | + new RegExp("Header sec-foo is not allowed", "iu"), |
| 1991 | + ); |
| 1992 | + }); |
| 1993 | + |
| 1994 | + it("should throw an error when the header begins with proxy-", async () => { |
| 1995 | + const server = new MockServer(API_URL); |
| 1996 | + const fetchMocker = new FetchMocker({ |
| 1997 | + servers: [server], |
| 1998 | + baseUrl: ALT_BASE_URL, |
| 1999 | + }); |
| 2000 | + const url = new URL("/hello", API_URL); |
| 2001 | + |
| 2002 | + await assert.rejects( |
| 2003 | + fetchMocker.fetch(url, { |
| 2004 | + headers: { |
| 2005 | + "proxy-foo": "Foo", |
| 2006 | + }, |
| 2007 | + }), |
| 2008 | + new RegExp("Header proxy-foo is not allowed", "iu"), |
| 2009 | + ); |
| 2010 | + }); |
| 2011 | + |
| 2012 | + [ |
| 2013 | + "X-Http-Method", |
| 2014 | + "X-Http-Method-Override", |
| 2015 | + "X-Method-Override", |
| 2016 | + ].forEach(header => { |
| 2017 | + [...forbiddenMethods].forEach(method => { |
| 2018 | + |
| 2019 | + it(`should throw an error when the ${header} header is ${method}`, async () => { |
| 2020 | + const server = new MockServer(API_URL); |
| 2021 | + const fetchMocker = new FetchMocker({ |
| 2022 | + servers: [server], |
| 2023 | + baseUrl: ALT_BASE_URL, |
| 2024 | + }); |
| 2025 | + const url = new URL("/hello", API_URL); |
| 2026 | + |
| 2027 | + await assert.rejects( |
| 2028 | + fetchMocker.fetch(url, { |
| 2029 | + headers: { |
| 2030 | + [header]: method, |
| 2031 | + }, |
| 2032 | + }), |
| 2033 | + new RegExp(`Header ${header} is not allowed`, "iu"), |
| 2034 | + ); |
| 2035 | + }); |
| 2036 | + |
| 2037 | + }); |
| 2038 | + }); |
| 2039 | + |
| 2040 | + }); |
1952 | 2041 | }); |
1953 | 2042 |
|
1954 | 2043 | describe("mockGlobal", () => { |
|
0 commit comments