More test coverage for redirects

test/setup.js

@@ -89,6 +89,9 @@ nock('http://example.com')
     Location: '/redirectloop',
   })
 
+  .get('/redirectwithoutlocation')
+  .reply(302, 'maybe found')
+
   .get('/proxyerror')
   .replyWithError('throw node')
 ;

test/test.js

@@ -95,6 +95,22 @@ describe('Basic functionality', function() {
       .expect(200, 'Response from example.com', done);
   });
 
+  it('GET /example.com:80', function(done) {
+    request(cors_anywhere)
+      .get('/example.com:80')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('x-request-url', 'http://example.com:80/')
+      .expect(200, 'Response from example.com', done);
+  });
+
+  it('GET /example.com:443', function(done) {
+    request(cors_anywhere)
+      .get('/example.com:443')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('x-request-url', 'https://example.com:443/')
+      .expect(200, 'Response from https://example.com', done);
+  });
+
   it('GET //example.com', function(done) {
     // '/example.com' is an invalid URL.
     request(cors_anywhere)
@@ -193,6 +209,18 @@ describe('Basic functionality', function() {
       .expect(200, 'post target', done);
   });
 
+  it('GET with 302 redirect without Location header should not be followed', function(done) {
+    // There is nothing to follow, so let the browser decide what to do with it.
+    request(cors_anywhere)
+      .get('/example.com/redirectwithoutlocation')
+      .redirects(0)
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('x-request-url', 'http://example.com/redirectwithoutlocation')
+      .expect('x-final-url', 'http://example.com/redirectwithoutlocation')
+      .expect('access-control-expose-headers', /x-final-url/)
+      .expect(302, 'maybe found', done);
+  });
+
   it('POST with 307 redirect should not be handled', function(done) {
     // Because of implementation difficulties (having to keep the request body
     // in memory), handling HTTP 307/308 redirects is deferred to the requestor.