fix: add Host header to HTTP test requests for fasthttp v1.70.0 compatibility

fasthttp v1.70.0 now enforces the HTTP/1.1 requirement of exactly one Host header, rejecting requests that omit it. Fix tests that were failing due to missing host.
2026-04-17 03:11:02 +00:00 · 2026-04-13 19:13:58 -07:00
parent ccba8a5736
commit 873148a5c4
6 changed files with 17 additions and 0 deletions
--- a/s3api/controllers/cors_default_origin_test.go
+++ b/s3api/controllers/cors_default_origin_test.go
@@ -45,6 +45,7 @@ func TestApplyBucketCORS_FallbackOrigin_NoBucketCors_NoRequestOrigin(t *testing.
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"

 	resp, err := app.Test(req)
 	if err != nil {
@@ -80,6 +81,7 @@ func TestApplyBucketCORS_FallbackOrigin_NotAppliedWhenBucketCorsExists(t *testin
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"

 	resp, err := app.Test(req)
 	if err != nil {
--- a/s3api/middlewares/apply-bucket-cors-preflight_test.go
+++ b/s3api/middlewares/apply-bucket-cors-preflight_test.go
@@ -53,6 +53,7 @@ func TestApplyBucketCORSPreflightFallback_NoBucketCors_Responds204(t *testing.T)
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", "https://request-origin.example")
 	req.Header.Set("Access-Control-Request-Method", "GET")
 	req.Header.Set("Access-Control-Request-Headers", "content-type")
@@ -95,6 +96,7 @@ func TestApplyBucketCORSPreflightFallback_NoSuchBucket_Responds204(t *testing.T)
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", "https://request-origin.example")
 	req.Header.Set("Access-Control-Request-Method", "PUT")
 	req.Header.Set("Access-Control-Request-Headers", "content-type")
@@ -134,6 +136,7 @@ func TestApplyBucketCORSPreflightFallback_BucketHasCors_CallsNext(t *testing.T)
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"

 	resp, err := app.Test(req)
 	if err != nil {
--- a/s3api/middlewares/apply-default-cors-preflight_test.go
+++ b/s3api/middlewares/apply-default-cors-preflight_test.go
@@ -35,6 +35,7 @@ func TestApplyDefaultCORSPreflight_OptionsSetsPreflightHeaders(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", "https://request-origin.example")
 	req.Header.Set("Access-Control-Request-Method", "PATCH")
 	req.Header.Set("Access-Control-Request-Headers", "content-type,authorization")
--- a/s3api/middlewares/apply-default-cors_test.go
+++ b/s3api/middlewares/apply-default-cors_test.go
@@ -33,6 +33,7 @@ func TestApplyDefaultCORS_AddsHeaderWhenOriginSet(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"

 	resp, err := app.Test(req)
 	if err != nil {
@@ -62,6 +63,7 @@ func TestApplyDefaultCORS_DoesNotOverrideExistingHeader(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"

 	resp, err := app.Test(req)
 	if err != nil {
--- a/s3api/middlewares/object-post-auth_test.go
+++ b/s3api/middlewares/object-post-auth_test.go
@@ -103,6 +103,7 @@ func makePostRequest(t *testing.T, body []byte, boundary string) *http.Request {

 	req, err := http.NewRequest(http.MethodPost, "/mybucket", bytes.NewReader(body))
 	assert.NoError(t, err)
+	req.Host = "localhost"
 	req.Header.Set("Content-Type", fmt.Sprintf("multipart/form-data; boundary=%s", boundary))
 	// Set both the header and the int64 field: app.Test() serialises the
 	// request via req.Write() which uses req.ContentLength; fasthttp then
@@ -283,6 +284,7 @@ func TestAuthorizePostObject_InvalidContentType_ReturnsError(t *testing.T) {

 	req, err := http.NewRequest(http.MethodPost, "/mybucket", strings.NewReader("body"))
 	assert.NoError(t, err)
+	req.Host = "localhost"
 	req.Header.Set("Content-Type", "application/json")
 	req.Header.Set("Content-Length", "4")

--- a/s3api/router_cors_test.go
+++ b/s3api/router_cors_test.go
@@ -71,6 +71,7 @@ func TestS3ApiRouter_ListBuckets_DefaultCORSAllowOrigin(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"

 	resp, err := app.Test(req)
 	if err != nil {
@@ -101,6 +102,7 @@ func TestS3ApiRouter_ListBuckets_OptionsPreflight_DefaultCORS(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", "https://client.example")
 	req.Header.Set("Access-Control-Request-Method", "GET")
 	req.Header.Set("Access-Control-Request-Headers", "authorization")
@@ -134,6 +136,7 @@ func TestS3ApiRouter_PutBucketTagging_ErrorStillIncludesFallbackCORS(t *testing.
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", origin)

 	resp, err := app.Test(req)
@@ -162,6 +165,7 @@ func TestS3ApiRouter_PutObjectTagging_ErrorStillIncludesFallbackCORS(t *testing.
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", origin)

 	resp, err := app.Test(req)
@@ -190,6 +194,7 @@ func TestS3ApiRouter_CopyObject_ErrorStillIncludesFallbackCORS(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", origin)
 	req.Header.Set("X-Amz-Copy-Source", "srcbucket/srckey")

@@ -219,6 +224,7 @@ func TestS3ApiRouter_PutObject_ErrorStillIncludesFallbackCORS(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", origin)

 	resp, err := app.Test(req)
@@ -263,6 +269,7 @@ func TestS3ApiRouter_OptionsWithBucketCORS_NoDuplicateHeaders(t *testing.T) {
 	if err != nil {
 		t.Fatalf("new request: %v", err)
 	}
+	req.Host = "localhost"
 	req.Header.Set("Origin", bucketOrigin)
 	req.Header.Set("Access-Control-Request-Method", "PUT")
 	req.Header.Set("Access-Control-Request-Headers", "content-type")