mirror of
https://github.com/moparisthebest/curl
synced 2024-11-17 23:15:08 -05:00
6ba2e88a64
Make the HTTP headers separated by default for improved security and reduced risk for information leakage. Bug: http://curl.haxx.se/docs/adv_20150429.html Reported-by: Yehezkel Horowitz, Oren Souroujon
54 lines
921 B
Plaintext
54 lines
921 B
Plaintext
<testcase>
|
|
<info>
|
|
<keywords>
|
|
HTTP
|
|
HTTP CONNECT
|
|
HTTP proxy
|
|
proxytunnel
|
|
</keywords>
|
|
</info>
|
|
|
|
# Server-side
|
|
<reply>
|
|
|
|
<connect nocheck="yes">
|
|
HTTP/1.1 405 Method Not Allowed swsclose
|
|
|
|
And you should ignore this data.
|
|
</connect>
|
|
|
|
</reply>
|
|
|
|
# Client-side
|
|
<client>
|
|
<server>
|
|
http
|
|
</server>
|
|
<name>
|
|
HTTP proxy CONNECT with custom User-Agent header
|
|
</name>
|
|
<command>
|
|
http://test.remote.example.com.287:%HTTPPORT/path/287 -H "User-Agent: looser/2015" --proxy http://%HOSTIP:%HTTPPORT --proxytunnel --proxy-header "User-Agent: looser/2007"
|
|
</command>
|
|
</client>
|
|
|
|
# Verify data after the test has been "shot"
|
|
<verify>
|
|
<protocol>
|
|
CONNECT test.remote.example.com.287:%HTTPPORT HTTP/1.1
|
|
Host: test.remote.example.com.287:%HTTPPORT
|
|
Proxy-Connection: Keep-Alive
|
|
User-Agent: looser/2007
|
|
|
|
</protocol>
|
|
# CURLE_RECV_ERROR
|
|
<errorcode>
|
|
56
|
|
</errorcode>
|
|
<stdout>
|
|
HTTP/1.1 405 Method Not Allowed swsclose
|
|
|
|
</stdout>
|
|
</verify>
|
|
</testcase>
|