node/test/parallel/test-http2-sensitive-headers.js

'use strict';
const common = require('../common');
if (!common.hasCrypto)
  common.skip('missing crypto');
const assert = require('assert');
const http2 = require('http2');
const makeDuplexPair = require('../common/duplexpair');

{
  const testData = '<h1>Hello World</h1>';
  const server = http2.createServer();
  server.on('stream', common.mustCall((stream, headers) => {
    stream.respond({
      'content-type': 'text/html',
      ':status': 200,
      'cookie': 'donotindex',
      'not-sensitive': 'foo',
      'sensitive': 'bar',
      // sensitiveHeaders entries are case-insensitive
      [http2.sensitiveHeaders]: ['Sensitive']
    });
    stream.end(testData);
  }));

  const { clientSide, serverSide } = makeDuplexPair();
  server.emit('connection', serverSide);

  const client = http2.connect('http://localhost:80', {
    createConnection: common.mustCall(() => clientSide)
  });

  const req = client.request({ ':path': '/' });

  req.on('response', common.mustCall((headers) => {
    assert.strictEqual(headers[':status'], 200);
    assert.strictEqual(headers.cookie, 'donotindex');
    assert.deepStrictEqual(headers[http2.sensitiveHeaders],
                           ['cookie', 'sensitive']);
  }));

  req.on('end', common.mustCall(() => {
    clientSide.destroy();
    clientSide.end();
  }));
  req.resume();
  req.end();
}