66 * found in the LICENSE file at https://angular.dev/license
77 */
88
9- import { validateHeaders } from '../../src/utils/headers ' ;
9+ import { validateRequest , validateUrl } from '../../src/utils/validation ' ;
1010
11- describe ( 'validateHeaders ' , ( ) => {
11+ describe ( 'validateRequest ' , ( ) => {
1212 const allowedHosts = new Set ( [ 'example.com' , 'sub.example.com' ] ) ;
1313
1414 it ( 'should pass valid headers with allowed host' , ( ) => {
@@ -21,7 +21,7 @@ describe('validateHeaders', () => {
2121 } ,
2222 } ) ;
2323
24- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . not . toThrow ( ) ;
24+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . not . toThrow ( ) ;
2525 } ) ;
2626
2727 it ( 'should pass valid headers with localhost (default allowed)' , ( ) => {
@@ -31,7 +31,7 @@ describe('validateHeaders', () => {
3131 } ,
3232 } ) ;
3333
34- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . not . toThrow ( ) ;
34+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . not . toThrow ( ) ;
3535 } ) ;
3636
3737 it ( 'should throw error for disallowed host' , ( ) => {
@@ -41,11 +41,13 @@ describe('validateHeaders', () => {
4141 } ,
4242 } ) ;
4343
44- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . toThrowError (
44+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . toThrowError (
4545 / H e a d e r " h o s t " w i t h v a l u e " e v i l \. c o m " i s n o t a l l o w e d / ,
4646 ) ;
4747 } ) ;
4848
49+ // ...
50+
4951 it ( 'should throw error for disallowed x-forwarded-host' , ( ) => {
5052 const request = new Request ( 'https://example.com' , {
5153 headers : {
@@ -54,7 +56,7 @@ describe('validateHeaders', () => {
5456 } ,
5557 } ) ;
5658
57- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . toThrowError (
59+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . toThrowError (
5860 / H e a d e r " x - f o r w a r d e d - h o s t " w i t h v a l u e " e v i l \. c o m " i s n o t a l l o w e d / ,
5961 ) ;
6062 } ) ;
@@ -67,7 +69,7 @@ describe('validateHeaders', () => {
6769 } ,
6870 } ) ;
6971
70- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . toThrowError (
72+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . toThrowError (
7173 'Header "x-forwarded-host" contains path separators which is not allowed.' ,
7274 ) ;
7375 } ) ;
@@ -80,7 +82,7 @@ describe('validateHeaders', () => {
8082 } ,
8183 } ) ;
8284
83- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . toThrowError (
85+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . toThrowError (
8486 'Header "x-forwarded-port" must be a numeric value.' ,
8587 ) ;
8688 } ) ;
@@ -93,7 +95,7 @@ describe('validateHeaders', () => {
9395 } ,
9496 } ) ;
9597
96- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . toThrowError (
98+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . toThrowError (
9799 'Header "x-forwarded-proto" must be either "http" or "https".' ,
98100 ) ;
99101 } ) ;
@@ -106,7 +108,7 @@ describe('validateHeaders', () => {
106108 } ,
107109 } ) ;
108110
109- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . not . toThrow ( ) ;
111+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . not . toThrow ( ) ;
110112 } ) ;
111113
112114 it ( 'should ignore port in host validation' , ( ) => {
@@ -116,7 +118,7 @@ describe('validateHeaders', () => {
116118 } ,
117119 } ) ;
118120
119- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . not . toThrow ( ) ;
121+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . not . toThrow ( ) ;
120122 } ) ;
121123
122124 it ( 'should throw if host header is completely malformed url' , ( ) => {
@@ -126,7 +128,7 @@ describe('validateHeaders', () => {
126128 } ,
127129 } ) ;
128130
129- expect ( ( ) => validateHeaders ( request , allowedHosts ) ) . toThrowError (
131+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . toThrowError (
130132 'Header "host" contains an invalid value.' ,
131133 ) ;
132134 } ) ;
@@ -141,7 +143,7 @@ describe('validateHeaders', () => {
141143 } ,
142144 } ) ;
143145
144- expect ( ( ) => validateHeaders ( request , wildcardHosts ) ) . not . toThrow ( ) ;
146+ expect ( ( ) => validateRequest ( request , wildcardHosts ) ) . not . toThrow ( ) ;
145147 } ) ;
146148
147149 it ( 'should match nested subdomain' , ( ) => {
@@ -151,7 +153,7 @@ describe('validateHeaders', () => {
151153 } ,
152154 } ) ;
153155
154- expect ( ( ) => validateHeaders ( request , wildcardHosts ) ) . not . toThrow ( ) ;
156+ expect ( ( ) => validateRequest ( request , wildcardHosts ) ) . not . toThrow ( ) ;
155157 } ) ;
156158
157159 it ( 'should not match base domain' , ( ) => {
@@ -161,7 +163,7 @@ describe('validateHeaders', () => {
161163 } ,
162164 } ) ;
163165
164- expect ( ( ) => validateHeaders ( request , wildcardHosts ) ) . toThrowError (
166+ expect ( ( ) => validateRequest ( request , wildcardHosts ) ) . toThrowError (
165167 / H e a d e r " h o s t " w i t h v a l u e " e x a m p l e \. c o m " i s n o t a l l o w e d / ,
166168 ) ;
167169 } ) ;
@@ -173,9 +175,26 @@ describe('validateHeaders', () => {
173175 } ,
174176 } ) ;
175177
176- expect ( ( ) => validateHeaders ( request , wildcardHosts ) ) . toThrowError (
178+ expect ( ( ) => validateRequest ( request , wildcardHosts ) ) . toThrowError (
177179 / H e a d e r " h o s t " w i t h v a l u e " e v i l \. c o m " i s n o t a l l o w e d / ,
178180 ) ;
179181 } ) ;
180182 } ) ;
183+
184+ it ( 'should pass valid URL with allowed host' , ( ) => {
185+ const request = new Request ( 'https://example.com/path' ) ;
186+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . not . toThrow ( ) ;
187+ } ) ;
188+
189+ it ( 'should pass valid URL with allowed sub-domain' , ( ) => {
190+ const request = new Request ( 'https://sub.example.com/path' ) ;
191+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . not . toThrow ( ) ;
192+ } ) ;
193+
194+ it ( 'should throw error for disallowed host' , ( ) => {
195+ const request = new Request ( 'https://evil.com/path' ) ;
196+ expect ( ( ) => validateRequest ( request , allowedHosts ) ) . toThrowError (
197+ / U R L w i t h h o s t n a m e " e v i l \. c o m " i s n o t a l l o w e d / ,
198+ ) ;
199+ } ) ;
181200} ) ;
0 commit comments