Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Drop special headers from redirected requests #289

Merged
merged 5 commits into from
Mar 9, 2019
Merged

Drop special headers from redirected requests #289

Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
119c7ff
Drop special headers from redirected requests
sberrevoets Sep 15, 2018
2fecbda
Update CHANGELOG.md
jeffctown Mar 8, 2019
ed13794
Put clearing of auth headers in it’s own method and using a for loop.
jeffctown Mar 8, 2019
4d0f05b
Re-introduce header retention policy tests for 3xx
sberrevoets Mar 8, 2019
29ff8d8
fixup! Re-introduce header retention policy tests for 3xx
sberrevoets Mar 9, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions OHHTTPStubs/UnitTests/Test Suites/NSURLSessionTests.m
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -360,6 +360,51 @@ - (void)test_NSURLSessionDefaultConfig_MethodAndDataRetentionOnRedirect
NSLog(@"/!\\ Test skipped because the NSURLSession class is not available on this OS version. Run the tests a target with a more recent OS.\n");
}
}

- (void)test_NSURLSessionDefaultConfig_HeaderRetentionPolicyOnRedirect {
if ([NSURLSessionConfiguration class] && [NSURLSession class])
{
NSArray<NSString*>* allMethods = @[@"GET", @"HEAD", @"POST", @"PATCH", @"PUT"];

/** 301, 302, 307, 308: GET, HEAD, POST, PATCH, PUT should all maintain most HTTP headers unchanged **/
for (NSNumber* redirectStatusCode in @[@301, @302, @307, @308]) {
int statusCode = redirectStatusCode.intValue;
for (NSString* method in allMethods) {

NSURLSessionConfiguration* config = [NSURLSessionConfiguration defaultSessionConfiguration];
NSURLSessionTestDelegate* delegate = [NSURLSessionTestDelegate delegateFollowingRedirects:YES fulfillOnCompletion:nil];
NSURLSession *session = [NSURLSession sessionWithConfiguration:config delegate:delegate delegateQueue:nil];

NSDictionary *headers = @{
@"Authorization": @"authorization",
@"Connection": @"connection",
@"Host": @"host",
@"Proxy-Authenticate": @"proxy-authenticate",
@"Proxy-Authorization": @"proxy-authorization",
@"WWW-Authenticate": @"www-authenticate",
@"Preserved": @"preserved"
Copy link
Owner

@AliSoftware AliSoftware Mar 8, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just because if, say, we change the implementation one day and accidentally make the new implementation behave ( wrongly) as "remove all headers but the last" or "only keep one header" (instead of doing what it's supposed to do like today), I would try to put one or two more "headers to be preserved" in there and intertwine them in the middle of that list instead of all in the end 😉 #paranoiaModeOn

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But since it's a dictionary order isn't guaranteed anyway? Is that different under the NSURLSession hood?

Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh good point!

Though I suspect that dictionary literals, even though they don't guarantee order by contract as it's not a expected requirement for dicts, might end up always being iterated in the same deterministic order in practice (because of current implantation details of dictionary literals in ObjC)?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah it doesn't hurt to add - done. (In a separate commit for reviewing purposes, happy to rebase at the end if you'd like.)

};
[self _test_redirect_NSURLSession:session httpMethod:method headers:headers jsonBody:nil delays:0.0 redirectStatusCode:statusCode
completion:^(NSString *redirectedRequestMethod, NSDictionary *redirectedRequestHeaders, id redirectedRequestJSONBody, NSHTTPURLResponse *redirectHTTPResponse, id finalJSONResponse, NSError *errorResponse)
{
XCTAssertNil(redirectedRequestHeaders[@"Authorization"], @"Authorization header is preserved when following redirects");
XCTAssertNil(redirectedRequestHeaders[@"Connection"], @"Connection header is preserved when following redirects");
XCTAssertNil(redirectedRequestHeaders[@"Host"], @"Host header is preserved when following redirects");
XCTAssertNil(redirectedRequestHeaders[@"Proxy-Authenticate"], @"Proxy-Authenticate header is preserved when following redirects");
XCTAssertNil(redirectedRequestHeaders[@"Proxy-Authorization"], @"Proxy-Authorization header is preserved when following redirects");
XCTAssertNil(redirectedRequestHeaders[@"WWW-Authenticate"], @"WWW-Authenticate header is preserved when following redirects");
XCTAssertEqual(redirectedRequestHeaders[@"Preserved"], @"preserved", @"Regular header is not preserved when following redirects");
}];

[session finishTasksAndInvalidate];
}
}
}
else
{
NSLog(@"/!\\ Test skipped because the NSURLSession class is not available on this OS version. Run the tests a target with a more recent OS.\n");
}
}
#endif

- (void)test_NSURLSessionEphemeralConfig
Expand Down