Permalink
Browse files

Fixes the HSTS QA entries. They work with SSL now.

  • Loading branch information...
1 parent 5eac693 commit 4536bb74cc0f46c51eca697937665844bac7498f @alobbs alobbs committed Nov 20, 2011
Showing with 37 additions and 7 deletions.
  1. +15 −1 qa/292-HSTS1.py
  2. +16 −3 qa/293-HSTS-subdomains1.py
  3. +6 −3 qa/294-HSTS-subdomains2.py
View
@@ -12,18 +12,32 @@
vserver!2920!rule!1!handler = dirlist
"""
+# 6.2. HTTP Request Type
+#
+# If a HSTS Host receives a HTTP request message over a non-secure
+# transport, it SHOULD send a HTTP response message containing a
+# Status-Code of 301 and a Location header field value containing
+# either the HTTP request's original Effective Request URI (see
+# Section 12 "Constructing an Effective Request URI", below) altered as
+# necessary to have a URI scheme of "https", or a URI generated
+# according to local policy (which SHOULD employ a URI scheme of
+# "https").
+
class Test (TestBase):
def __init__ (self):
TestBase.__init__ (self, __file__)
self.name = "HSTS: Error code and Header"
self.request = "HTTP / HTTP/1.0\r\n" + \
"Host: %s\r\n" %(NICK)
self.expected_error = 301
- self.expected_content = ["Strict-Transport-Security:", "max-age=%d"%(MAX_AGE)]
+ self.expected_content = ["https://"]
def Prepare (self, www):
droot = self.Mkdir (www, "%s_droot"%(NICK))
vars = globals()
vars.update(locals())
self.conf = CONF %(vars)
+
+ def Precondition (self):
+ return not self.is_ssl
View
@@ -11,13 +11,23 @@
vserver!2930!rule!1!handler = dirlist
"""
+# 6.1. HTTP-over-Secure-Transport Request Type
+#
+# When replying to an HTTP request that was conveyed over a secure
+# transport, a HSTS Host SHOULD include in its response message a
+# Strict-Transport-Security HTTP Response Header that MUST satisfy the
+# grammar specified above in Section 5.1 "Strict-Transport-Security
+# HTTP Response Header Field". If a Strict-Transport-Security HTTP
+# Response Header is included, the HSTS Host MUST include only one such
+# header.
+
class Test (TestBase):
def __init__ (self):
TestBase.__init__ (self, __file__)
- self.name = "HSTS: with Subdomains"
- self.request = "HTTP / HTTP/1.0\r\n" + \
+ self.name = "HSTS over SSL"
+ self.request = "GET / HTTP/1.0\r\n" + \
"Host: %s\r\n" %(NICK)
- self.expected_error = 301
+ self.expected_error = 200
self.expected_content = ["Strict-Transport-Security:", "includeSubdomains"]
def Prepare (self, www):
@@ -26,3 +36,6 @@ def Prepare (self, www):
vars = globals()
vars.update(locals())
self.conf = CONF %(vars)
+
+ def Precondition (self):
+ return self.is_ssl
@@ -14,10 +14,10 @@
class Test (TestBase):
def __init__ (self):
TestBase.__init__ (self, __file__)
- self.name = "HSTS: without Subdomains"
- self.request = "HTTP / HTTP/1.0\r\n" + \
+ self.name = "HSTS over SSL: without Subdomains"
+ self.request = "GET / HTTP/1.0\r\n" + \
"Host: %s\r\n" %(NICK)
- self.expected_error = 301
+ self.expected_error = 200
self.expected_content = ["Strict-Transport-Security:"]
self.forbidden_content = ["includeSubdomains"]
@@ -27,3 +27,6 @@ def Prepare (self, www):
vars = globals()
vars.update(locals())
self.conf = CONF %(vars)
+
+ def Precondition (self):
+ return self.is_ssl

0 comments on commit 4536bb7

Please sign in to comment.