From 1308e342476a8be0a546f36890de1c7ed99b7332 Mon Sep 17 00:00:00 2001
From: Rob Wu <rob@robwu.nl>
Date: Fri, 26 Feb 2016 16:10:53 +0100
Subject: [PATCH] More test coverage for redirects

---
 test/setup.js |  3 +++
 test/test.js  | 28 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/test/setup.js b/test/setup.js
index e958502..5f86c35 100644
--- a/test/setup.js
+++ b/test/setup.js
@@ -89,6 +89,9 @@ nock('http://example.com')
     Location: '/redirectloop',
   })
 
+  .get('/redirectwithoutlocation')
+  .reply(302, 'maybe found')
+
   .get('/proxyerror')
   .replyWithError('throw node')
 ;
diff --git a/test/test.js b/test/test.js
index e7f82d8..6bee05a 100644
--- a/test/test.js
+++ b/test/test.js
@@ -95,6 +95,22 @@ describe('Basic functionality', function() {
       .expect(200, 'Response from example.com', done);
   });
 
+  it('GET /example.com:80', function(done) {
+    request(cors_anywhere)
+      .get('/example.com:80')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('x-request-url', 'http://example.com:80/')
+      .expect(200, 'Response from example.com', done);
+  });
+
+  it('GET /example.com:443', function(done) {
+    request(cors_anywhere)
+      .get('/example.com:443')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('x-request-url', 'https://example.com:443/')
+      .expect(200, 'Response from https://example.com', done);
+  });
+
   it('GET //example.com', function(done) {
     // '/example.com' is an invalid URL.
     request(cors_anywhere)
@@ -193,6 +209,18 @@ describe('Basic functionality', function() {
       .expect(200, 'post target', done);
   });
 
+  it('GET with 302 redirect without Location header should not be followed', function(done) {
+    // There is nothing to follow, so let the browser decide what to do with it.
+    request(cors_anywhere)
+      .get('/example.com/redirectwithoutlocation')
+      .redirects(0)
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect('x-request-url', 'http://example.com/redirectwithoutlocation')
+      .expect('x-final-url', 'http://example.com/redirectwithoutlocation')
+      .expect('access-control-expose-headers', /x-final-url/)
+      .expect(302, 'maybe found', done);
+  });
+
   it('POST with 307 redirect should not be handled', function(done) {
     // Because of implementation difficulties (having to keep the request body
     // in memory), handling HTTP 307/308 redirects is deferred to the requestor.