added check for must-not-match request-header

* HTTPServer.pm: added check for must-not-match request-header
* Test-cookies.px: check cookie deletion and cookie domain matching

tests/ChangeLog

@@ -1,3 +1,8 @@
+2012-11-09  Tim Ruehsen  <tim.ruehsen@gmx.de>
+
+	* HTTPServer.pm: added check for must-not-match request-header
+	* Test-cookies.px: check cookie deletion and cookie domain matching
+
 2012-06-16  Giuseppe Scrivano  <gscrivano@gnu.org>
 
 	* Makefile.am (EXTRA_DIST): Add Test-stdouterr.px.

tests/HTTPServer.pm

@@ -218,14 +218,26 @@ sub verify_request_headers {
 
     return 1 unless exists $url_rec->{'request_headers'};
     for my $hdrname (keys %{$url_rec->{'request_headers'}}) {
-        my $rhdr = $req->header ($hdrname);
+        my $must_not_match;
         my $ehdr = $url_rec->{'request_headers'}{$hdrname};
+        if ($must_not_match = ($hdrname =~ /^!(\w+)/)) {
+            $hdrname = $1;
+        }
+        my $rhdr = $req->header ($hdrname);
+        if ($must_not_match) {
+            if (defined $rhdr && $rhdr =~ $ehdr) {
+                $rhdr = '' unless defined $rhdr;
+                print STDERR "\n*** Match forbidden $hdrname: $rhdr =~ $ehdr\n";
+                return undef;
+            }
+        } else {
             unless (defined $rhdr && $rhdr =~ $ehdr) {
                 $rhdr = '' unless defined $rhdr;
                 print STDERR "\n*** Mismatch on $hdrname: $rhdr =~ $ehdr\n";
                 return undef;
             }
         }
+    }
 
     return 1;
 }

tests/Test-cookies.px

@@ -10,6 +10,10 @@ use HTTPTest;
 
 my $page1 = "Hello, world!\n";
 my $page2 = "Goodbye, Sam.\n";
+my $page3 = "Page three.\n";
+my $page4 = "Page four.\n";
+my $page5 = "Page five.\n";
+my $page6 = "Page six.\n";
 
 # code, msg, headers, content
 my %urls = (
@@ -30,10 +34,49 @@ my %urls = (
             "Cookie" => qr|foo=bar|,
         },
     },
+# remove the cookie 'foo'
+    '/three.txt' => {
+        code => "200",
+        msg => "Ok",
+        headers => {
+            "Content-type" => "text/plain",
+            "Set-Cookie" => "foo=; Expires=Sun, 06 Nov 1994 08:49:37 GMT",
+        },
+        content => $page3,
+    },
+    '/four.txt' => {
+        code => "200",
+        msg => "Ok",
+        content => $page4,
+        request_headers => {
+            "!Cookie" => qr|foo=|,
+        },
+    },
+# try to set a cookie 'foo' with mismatching domain
+# see RFC 6265 5.3.6: ignore the cookie if it doesn't domain-match
+    '/five.txt' => {
+        code => "200",
+        msg => "Ok",
+        headers => {
+            "Content-type" => "text/plain",
+            "Set-Cookie" => "foo=bar; domain=.example.com",
+        },
+        content => $page5,
+    },
+    '/six.txt' => {
+        code => "200",
+        msg => "Ok",
+        content => $page6,
+        request_headers => {
+            "!Cookie" => qr|foo=bar|,
+        },
+    },
 );
 
 my $cmdline = $WgetTest::WGETPATH . " http://localhost:{{port}}/one.txt"
-    . " http://localhost:{{port}}/two.txt";
+    . " http://localhost:{{port}}/two.txt" . " http://localhost:{{port}}/three.txt"
+    . " http://localhost:{{port}}/four.txt" . " http://localhost:{{port}}/five.txt"
+	 . " http://localhost:{{port}}/six.txt";
 
 my $expected_error_code = 0;
 
@@ -44,6 +87,18 @@ my %expected_downloaded_files = (
     'two.txt' => {
         content => $page2,
     },
+    'three.txt' => {
+        content => $page3,
+    },
+    'four.txt' => {
+        content => $page4,
+    },
+    'five.txt' => {
+        content => $page5,
+    },
+    'six.txt' => {
+        content => $page6,
+    },
 );
 
 ###############################################################################