How to use the hpack.NeverIndexedHeaderTuple function in hpack

To help you get started, we’ve selected a few hpack examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github web-platform-tests / wpt / tools / third_party / h2 / h2 / utilities.py View on Github external
never-indexed fields to ensure they don't get added to header compression
    contexts.

    This function currently implements two rules:

    - 'authorization' and 'proxy-authorization' fields are automatically made
      never-indexed.
    - Any 'cookie' header field shorter than 20 bytes long is made
      never-indexed.

    These fields are the most at-risk. These rules are inspired by Firefox
    and nghttp2.
    """
    for header in headers:
        if header[0] in _SECURE_HEADERS:
            yield NeverIndexedHeaderTuple(*header)
        elif header[0] in (b'cookie', u'cookie') and len(header[1]) < 20:
            yield NeverIndexedHeaderTuple(*header)
        else:
            yield header
github python-hyper / hyper-h2 / test / test_header_indexing.py View on Github external
(u'Authorization', u'test'),
        (u'authorization', u'really long test'),
        HeaderTuple(u'authorization', u'test'),
        HeaderTuple(u'Authorization', u'test'),
        HeaderTuple(u'authorization', u'really long test'),
        NeverIndexedHeaderTuple(u'authorization', u'test'),
        NeverIndexedHeaderTuple(u'Authorization', u'test'),
        NeverIndexedHeaderTuple(u'authorization', u'really long test'),
        (b'authorization', b'test'),
        (b'Authorization', b'test'),
        (b'authorization', b'really long test'),
        HeaderTuple(b'authorization', b'test'),
        HeaderTuple(b'Authorization', b'test'),
        HeaderTuple(b'authorization', b'really long test'),
        NeverIndexedHeaderTuple(b'authorization', b'test'),
        NeverIndexedHeaderTuple(b'Authorization', b'test'),
        NeverIndexedHeaderTuple(b'authorization', b'really long test'),
        (u'proxy-authorization', u'test'),
        (u'Proxy-Authorization', u'test'),
        (u'proxy-authorization', u'really long test'),
        HeaderTuple(u'proxy-authorization', u'test'),
        HeaderTuple(u'Proxy-Authorization', u'test'),
        HeaderTuple(u'proxy-authorization', u'really long test'),
        NeverIndexedHeaderTuple(u'proxy-authorization', u'test'),
        NeverIndexedHeaderTuple(u'Proxy-Authorization', u'test'),
        NeverIndexedHeaderTuple(u'proxy-authorization', u'really long test'),
        (b'proxy-authorization', b'test'),
        (b'Proxy-Authorization', b'test'),
        (b'proxy-authorization', b'really long test'),
        HeaderTuple(b'proxy-authorization', b'test'),
        HeaderTuple(b'Proxy-Authorization', b'test'),
        HeaderTuple(b'proxy-authorization', b'really long test'),
github python-hyper / hyper-h2 / test / test_header_indexing.py View on Github external
(u'cookie', u'nineteen byte cooki'),
        HeaderTuple(u'cookie', u'short'),
        HeaderTuple(u'Cookie', u'short'),
        HeaderTuple(u'cookie', u'nineteen byte cooki'),
        NeverIndexedHeaderTuple(u'cookie', u'short'),
        NeverIndexedHeaderTuple(u'Cookie', u'short'),
        NeverIndexedHeaderTuple(u'cookie', u'nineteen byte cooki'),
        NeverIndexedHeaderTuple(u'cookie', u'longer manually secured cookie'),
        (b'cookie', b'short'),
        (b'Cookie', b'short'),
        (b'cookie', b'nineteen byte cooki'),
        HeaderTuple(b'cookie', b'short'),
        HeaderTuple(b'Cookie', b'short'),
        HeaderTuple(b'cookie', b'nineteen byte cooki'),
        NeverIndexedHeaderTuple(b'cookie', b'short'),
        NeverIndexedHeaderTuple(b'Cookie', b'short'),
        NeverIndexedHeaderTuple(b'cookie', b'nineteen byte cooki'),
        NeverIndexedHeaderTuple(b'cookie', b'longer manually secured cookie'),
    ]
    unsecured_cookie_headers = [
        (u'cookie', u'twenty byte cookie!!'),
        (u'Cookie', u'twenty byte cookie!!'),
        (u'cookie', u'substantially longer than 20 byte cookie'),
        HeaderTuple(u'cookie', u'twenty byte cookie!!'),
        HeaderTuple(u'cookie', u'twenty byte cookie!!'),
        HeaderTuple(u'Cookie', u'twenty byte cookie!!'),
        (b'cookie', b'twenty byte cookie!!'),
        (b'Cookie', b'twenty byte cookie!!'),
        (b'cookie', b'substantially longer than 20 byte cookie'),
        HeaderTuple(b'cookie', b'twenty byte cookie!!'),
        HeaderTuple(b'cookie', b'twenty byte cookie!!'),
        HeaderTuple(b'Cookie', b'twenty byte cookie!!'),
github python-hyper / hyper-h2 / test / test_header_indexing.py View on Github external
(b'proxy-authorization', b'really long test'),
        HeaderTuple(b'proxy-authorization', b'test'),
        HeaderTuple(b'Proxy-Authorization', b'test'),
        HeaderTuple(b'proxy-authorization', b'really long test'),
        NeverIndexedHeaderTuple(b'proxy-authorization', b'test'),
        NeverIndexedHeaderTuple(b'Proxy-Authorization', b'test'),
        NeverIndexedHeaderTuple(b'proxy-authorization', b'really long test'),
    ]
    secured_cookie_headers = [
        (u'cookie', u'short'),
        (u'Cookie', u'short'),
        (u'cookie', u'nineteen byte cooki'),
        HeaderTuple(u'cookie', u'short'),
        HeaderTuple(u'Cookie', u'short'),
        HeaderTuple(u'cookie', u'nineteen byte cooki'),
        NeverIndexedHeaderTuple(u'cookie', u'short'),
        NeverIndexedHeaderTuple(u'Cookie', u'short'),
        NeverIndexedHeaderTuple(u'cookie', u'nineteen byte cooki'),
        NeverIndexedHeaderTuple(u'cookie', u'longer manually secured cookie'),
        (b'cookie', b'short'),
        (b'Cookie', b'short'),
        (b'cookie', b'nineteen byte cooki'),
        HeaderTuple(b'cookie', b'short'),
        HeaderTuple(b'Cookie', b'short'),
        HeaderTuple(b'cookie', b'nineteen byte cooki'),
        NeverIndexedHeaderTuple(b'cookie', b'short'),
        NeverIndexedHeaderTuple(b'Cookie', b'short'),
        NeverIndexedHeaderTuple(b'cookie', b'nineteen byte cooki'),
        NeverIndexedHeaderTuple(b'cookie', b'longer manually secured cookie'),
    ]
    unsecured_cookie_headers = [
        (u'cookie', u'twenty byte cookie!!'),
github python-hyper / hyper-h2 / test / test_header_indexing.py View on Github external
HeaderTuple(b'proxy-authorization', b'really long test'),
        NeverIndexedHeaderTuple(b'proxy-authorization', b'test'),
        NeverIndexedHeaderTuple(b'Proxy-Authorization', b'test'),
        NeverIndexedHeaderTuple(b'proxy-authorization', b'really long test'),
    ]
    secured_cookie_headers = [
        (u'cookie', u'short'),
        (u'Cookie', u'short'),
        (u'cookie', u'nineteen byte cooki'),
        HeaderTuple(u'cookie', u'short'),
        HeaderTuple(u'Cookie', u'short'),
        HeaderTuple(u'cookie', u'nineteen byte cooki'),
        NeverIndexedHeaderTuple(u'cookie', u'short'),
        NeverIndexedHeaderTuple(u'Cookie', u'short'),
        NeverIndexedHeaderTuple(u'cookie', u'nineteen byte cooki'),
        NeverIndexedHeaderTuple(u'cookie', u'longer manually secured cookie'),
        (b'cookie', b'short'),
        (b'Cookie', b'short'),
        (b'cookie', b'nineteen byte cooki'),
        HeaderTuple(b'cookie', b'short'),
        HeaderTuple(b'Cookie', b'short'),
        HeaderTuple(b'cookie', b'nineteen byte cooki'),
        NeverIndexedHeaderTuple(b'cookie', b'short'),
        NeverIndexedHeaderTuple(b'Cookie', b'short'),
        NeverIndexedHeaderTuple(b'cookie', b'nineteen byte cooki'),
        NeverIndexedHeaderTuple(b'cookie', b'longer manually secured cookie'),
    ]
    unsecured_cookie_headers = [
        (u'cookie', u'twenty byte cookie!!'),
        (u'Cookie', u'twenty byte cookie!!'),
        (u'cookie', u'substantially longer than 20 byte cookie'),
        HeaderTuple(u'cookie', u'twenty byte cookie!!'),
github python-hyper / hyper-h2 / test / test_header_indexing.py View on Github external
def test_short_cookie_headers_never_indexed_push(self,
                                                     headers,
                                                     cookie_header,
                                                     frame_factory):
        """
        Short cookie headers, and cookies provided as NeverIndexedHeaderTuple,
        are never indexed when pushed by servers.
        """
        # Regardless of what we send, we expect it to be never indexed.
        send_headers = headers + [cookie_header]
        expected_headers = headers + [
            NeverIndexedHeaderTuple(cookie_header[0].lower(), cookie_header[1])
        ]

        c = h2.connection.H2Connection(config=self.server_config)
        c.receive_data(frame_factory.preamble())

        # We can use normal headers for the request.
        f = frame_factory.build_headers_frame(
            self.example_request_headers
        )
        c.receive_data(f.serialize())

        frame_factory.refresh_encoder()
        expected_frame = frame_factory.build_push_promise_frame(
            stream_id=1,
            promised_stream_id=2,
            headers=expected_headers,
github python-hyper / hyper-h2 / test / test_header_indexing.py View on Github external
]
    bytes_example_request_headers = [
        (b':authority', b'example.com'),
        (b':path', b'/'),
        (b':scheme', b'https'),
        (b':method', b'GET'),
    ]
    possible_auth_headers = [
        (u'authorization', u'test'),
        (u'Authorization', u'test'),
        (u'authorization', u'really long test'),
        HeaderTuple(u'authorization', u'test'),
        HeaderTuple(u'Authorization', u'test'),
        HeaderTuple(u'authorization', u'really long test'),
        NeverIndexedHeaderTuple(u'authorization', u'test'),
        NeverIndexedHeaderTuple(u'Authorization', u'test'),
        NeverIndexedHeaderTuple(u'authorization', u'really long test'),
        (b'authorization', b'test'),
        (b'Authorization', b'test'),
        (b'authorization', b'really long test'),
        HeaderTuple(b'authorization', b'test'),
        HeaderTuple(b'Authorization', b'test'),
        HeaderTuple(b'authorization', b'really long test'),
        NeverIndexedHeaderTuple(b'authorization', b'test'),
        NeverIndexedHeaderTuple(b'Authorization', b'test'),
        NeverIndexedHeaderTuple(b'authorization', b'really long test'),
        (u'proxy-authorization', u'test'),
        (u'Proxy-Authorization', u'test'),
        (u'proxy-authorization', u'really long test'),
        HeaderTuple(u'proxy-authorization', u'test'),
        HeaderTuple(u'Proxy-Authorization', u'test'),
        HeaderTuple(u'proxy-authorization', u'really long test'),
github python-hyper / hyper-h2 / test / test_header_indexing.py View on Github external
def test_authorization_headers_never_indexed_push(self,
                                                      headers,
                                                      auth_header,
                                                      frame_factory):
        """
        Authorization and Proxy-Authorization headers are always forced to be
        never-indexed, regardless of their form, when pushed by a server.
        """
        # Regardless of what we send, we expect it to be never indexed.
        send_headers = headers + [auth_header]
        expected_headers = headers + [
            NeverIndexedHeaderTuple(auth_header[0].lower(), auth_header[1])
        ]

        c = h2.connection.H2Connection(config=self.server_config)
        c.receive_data(frame_factory.preamble())

        # We can use normal headers for the request.
        f = frame_factory.build_headers_frame(
            self.example_request_headers
        )
        c.receive_data(f.serialize())

        frame_factory.refresh_encoder()
        expected_frame = frame_factory.build_push_promise_frame(
            stream_id=1,
            promised_stream_id=2,
            headers=expected_headers,
github python-hyper / hyper-h2 / h2 / utilities.py View on Github external
never-indexed fields to ensure they don't get added to header compression
    contexts.

    This function currently implements two rules:

    - 'authorization' and 'proxy-authorization' fields are automatically made
      never-indexed.
    - Any 'cookie' header field shorter than 20 bytes long is made
      never-indexed.

    These fields are the most at-risk. These rules are inspired by Firefox
    and nghttp2.
    """
    for header in headers:
        if header[0] in _SECURE_HEADERS:
            yield NeverIndexedHeaderTuple(*header)
        elif header[0] in (b'cookie', u'cookie') and len(header[1]) < 20:
            yield NeverIndexedHeaderTuple(*header)
        else:
            yield header
github opensvc / opensvc / opensvc / foreign / h2 / utilities.py View on Github external
never-indexed fields to ensure they don't get added to header compression
    contexts.

    This function currently implements two rules:

    - 'authorization' and 'proxy-authorization' fields are automatically made
      never-indexed.
    - Any 'cookie' header field shorter than 20 bytes long is made
      never-indexed.

    These fields are the most at-risk. These rules are inspired by Firefox
    and nghttp2.
    """
    for header in headers:
        if header[0] in _SECURE_HEADERS:
            yield NeverIndexedHeaderTuple(*header)
        elif header[0] in (b'cookie', u'cookie') and len(header[1]) < 20:
            yield NeverIndexedHeaderTuple(*header)
        else:
            yield header