test_hsts.py 2.0 KB

1234567891011121314151617181920212223242526272829303132333435363738
  1. def test_web1_HSTS_default(docker_compose, nginxproxy):
  2. r = nginxproxy.get("https://web1.nginx-proxy.tld/port", allow_redirects=False)
  3. assert "answer from port 81\n" in r.text
  4. assert "Strict-Transport-Security" in r.headers
  5. assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
  6. # Regression test to ensure HSTS is enabled even when the upstream sends an error in response
  7. # Issue #1073 https://github.com/nginx-proxy/nginx-proxy/pull/1073
  8. def test_web1_HSTS_error(docker_compose, nginxproxy):
  9. r = nginxproxy.get("https://web1.nginx-proxy.tld/status/500", allow_redirects=False)
  10. assert "Strict-Transport-Security" in r.headers
  11. assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
  12. def test_web2_HSTS_off(docker_compose, nginxproxy):
  13. r = nginxproxy.get("https://web2.nginx-proxy.tld/port", allow_redirects=False)
  14. assert "answer from port 81\n" in r.text
  15. assert "Strict-Transport-Security" not in r.headers
  16. def test_web3_HSTS_custom(docker_compose, nginxproxy):
  17. r = nginxproxy.get("https://web3.nginx-proxy.tld/port", allow_redirects=False)
  18. assert "answer from port 81\n" in r.text
  19. assert "Strict-Transport-Security" in r.headers
  20. assert "max-age=86400; includeSubDomains; preload" == r.headers["Strict-Transport-Security"]
  21. # Regression test for issue 1080
  22. # https://github.com/nginx-proxy/nginx-proxy/issues/1080
  23. def test_web4_HSTS_off_noredirect(docker_compose, nginxproxy):
  24. r = nginxproxy.get("https://web4.nginx-proxy.tld/port", allow_redirects=False)
  25. assert "answer from port 81\n" in r.text
  26. assert "Strict-Transport-Security" not in r.headers
  27. def test_http3_vhost_enabled_HSTS_default(docker_compose, nginxproxy):
  28. r = nginxproxy.get("https://http3-vhost-enabled.nginx-proxy.tld/port", allow_redirects=False)
  29. assert "answer from port 81\n" in r.text
  30. assert "Strict-Transport-Security" in r.headers
  31. assert "max-age=31536000" == r.headers["Strict-Transport-Security"]
  32. assert "alt-svc" in r.headers
  33. assert r.headers["alt-svc"] == 'h3=":443"; ma=86400;'