public function testTrustedHosts()
{
// create a request
$request = Request::create('/');
// no trusted host set -> no host check
$request->headers->set('host', 'evil.com');
$this->assertEquals('evil.com', $request->getHost());
// add a trusted domain and all its subdomains
Request::setTrustedHosts(array('^([a-z]{9}\\.)?trusted\\.com$'));
// untrusted host
$request->headers->set('host', 'evil.com');
try {
$request->getHost();
$this->fail('Request::getHost() should throw an exception when host is not trusted.');
} catch (\UnexpectedValueException $e) {
$this->assertEquals('Untrusted Host "evil.com"', $e->getMessage());
}
// trusted hosts
$request->headers->set('host', 'trusted.com');
$this->assertEquals('trusted.com', $request->getHost());
$this->assertEquals(80, $request->getPort());
$request->server->set('HTTPS', true);
$request->headers->set('host', 'trusted.com');
$this->assertEquals('trusted.com', $request->getHost());
$this->assertEquals(443, $request->getPort());
$request->server->set('HTTPS', false);
$request->headers->set('host', 'trusted.com:8000');
$this->assertEquals('trusted.com', $request->getHost());
$this->assertEquals(8000, $request->getPort());
$request->headers->set('host', 'subdomain.trusted.com');
$this->assertEquals('subdomain.trusted.com', $request->getHost());
// reset request for following tests
Request::setTrustedHosts(array());
}