Commit e5b2a05c authored by Łukasz Nowak's avatar Łukasz Nowak

rapid-cdn: c->h: Implement disabled-cookie-list

parent 102cfd02
...@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181 ...@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration] [template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in _update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum = 7c96b713bd25fdad23ff20660e625a58 md5sum = d115e229b7b76bcc6aba4ba62e887ccb
[template-frontend-haproxy-crt-list] [template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in _update_hash_filename_ = templates/frontend-haproxy-crt-list.in
......
...@@ -87,10 +87,6 @@ ...@@ -87,10 +87,6 @@
without /prefer-gzip without /prefer-gzip
header_upstream Accept-Encoding gzip header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #} {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if slave_parameter['disable-no-cache-request'] %} {%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control header_upstream -Cache-Control
......
...@@ -109,6 +109,9 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }} ...@@ -109,6 +109,9 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}" http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %} {%- endif %}
{%- endif %} {%- endif %}
{%- for disabled_cookie in slave_instance['disabled-cookie-list'] %}
http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
{%- endfor %}
{%- if info_dict['path'] %} {%- if info_dict['path'] %}
http-request set-path {{ info_dict['path'] }}%[path] http-request set-path {{ info_dict['path'] }}%[path]
{%- endif %} {# if info_dict['path'] #} {%- endif %} {# if info_dict['path'] #}
......
...@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source ...@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
import json import json
import multiprocessing import multiprocessing
import subprocess import subprocess
from unittest import skip, expectedFailure from unittest import skip
import ssl import ssl
from http.server import HTTPServer from http.server import HTTPServer
from http.server import BaseHTTPRequestHandler from http.server import BaseHTTPRequestHandler
...@@ -2104,9 +2104,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -2104,9 +2104,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address, 'monitor-base-url': 'https://[%s]:8401' % self._ipv6_address,
'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address, 'backend-client-caucase-url': 'http://[%s]:8990' % self._ipv6_address,
'domain': 'example.com', 'domain': 'example.com',
'accepted-slave-amount': '55', 'accepted-slave-amount': '56',
'rejected-slave-amount': '0', 'rejected-slave-amount': '0',
'slave-amount': '55', 'slave-amount': '56',
'rejected-slave-dict': { 'rejected-slave-dict': {
}, },
'warning-slave-dict': { 'warning-slave-dict': {
...@@ -4531,37 +4531,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin): ...@@ -4531,37 +4531,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
curl_command, out, err)) curl_command, out, err))
return out, err return out, err
@expectedFailure
def test_disabled_cookie_list(self): def test_disabled_cookie_list(self):
parameter_dict = self.assertSlaveBase('disabled-cookie-list') parameter_dict = self.assertSlaveBase('disabled-cookie-list')
out, err = self._curl( out, err = self._curl(
parameter_dict['domain'], TEST_IP, HTTPS_PORT, parameter_dict['domain'], TEST_IP, HTTPS_PORT,
# Note: Cookie order is extremely important here, do not change # Note: Cookie order is extremely important here, do not change
# or test will start to pass incorrectly # or test will start to pass incorrectly
'Coconut=absent; Chocolate=absent; Coffee=present; Vanilia=absent', 'Tea=present; Coconut=absent; DarkChocolate=present; Chocolate=absent; '
'Coffee=present; Vanilia=absent; Water=present',
) )
# self check - were the cookies sent in required order? # self check - were the cookies sent in required order?
self.assertIn( self.assertIn(
'ookie: Coconut=absent; Chocolate=absent; Coffee=present; ' 'ookie: Tea=present; Coconut=absent; DarkChocolate=present; '
'Vanilia=absent', 'Chocolate=absent; Coffee=present; Vanilia=absent; Water=present',
err.decode()) err.decode())
# real test - all configured cookies are dropped # real test - all configured cookies are dropped
self.assertEqual( self.assertEqual(
'Coffee=present', json.loads(out)['Incoming Headers']['cookie']) 'Tea=present; DarkChocolate=present; Coffee=present; Water=present',
json.loads(out)['Incoming Headers']['cookie'])
def test_disabled_cookie_list_simple(self): def test_disabled_cookie_list_simple(self):
parameter_dict = self.assertSlaveBase('disabled-cookie-list') parameter_dict = self.assertSlaveBase('disabled-cookie-list-simple')
out, err = self._curl( out, err = self._curl(
parameter_dict['domain'], TEST_IP, HTTPS_PORT, parameter_dict['domain'], TEST_IP, HTTPS_PORT,
'WhiteChocolate=present; Chocolate=absent; Coffee=present', 'Chocolate=absent; Coffee=present',
) )
# self check - were the cookies sent in required order? # self check - were the cookies sent in required order?
self.assertIn( self.assertIn(
'ookie: WhiteChocolate=present; Chocolate=absent; Coffee=present', 'ookie: Chocolate=absent; Coffee=present',
err.decode()) err.decode())
# real test - all configured cookies are dropped # real test - all configured cookies are dropped
self.assertEqual( self.assertEqual(
'WhiteChocolate=present ; Coffee=present', 'Coffee=present',
json.loads(out)['Incoming Headers']['cookie']) json.loads(out)['Incoming Headers']['cookie'])
def test_https_url(self): def test_https_url(self):
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment