Net: expand cross-origin sensitive header regression test

2026-02-19 18:39:20 -05:00 · 2026-02-19 11:23:35 -08:00
parent c0cd5a7265
commit 802f043e53
1 changed files with 4 additions and 0 deletions
--- a/src/infra/net/fetch-guard.ssrf.test.ts
+++ b/src/infra/net/fetch-guard.ssrf.test.ts
@@ -109,7 +109,9 @@ describe("fetchWithSsrFGuard hardening", () => {
      init: {
        headers: {
          Authorization: "Bearer secret",
+          "Proxy-Authorization": "Basic c2VjcmV0",
          Cookie: "session=abc",
+          Cookie2: "legacy=1",
          "X-Trace": "1",
        },
      },
@@ -118,7 +120,9 @@ describe("fetchWithSsrFGuard hardening", () => {
    const [, secondInit] = fetchImpl.mock.calls[1] as [string, RequestInit];
    const headers = new Headers(secondInit.headers);
    expect(headers.get("authorization")).toBeNull();
+    expect(headers.get("proxy-authorization")).toBeNull();
    expect(headers.get("cookie")).toBeNull();
+    expect(headers.get("cookie2")).toBeNull();
    expect(headers.get("x-trace")).toBe("1");
    await result.release();
  });