Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
K
k3s
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Jacklull
k3s
Commits
e8af67c1
Commit
e8af67c1
authored
Jun 02, 2015
by
Cesar Wong
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Remove CORS headers from pod proxy responses
The API server sends its own CORS headers in its response, and if the proxied pod response also includes its own headers, it confuses clients.
parent
52144650
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
82 additions
and
14 deletions
+82
-14
proxy.go
pkg/registry/generic/rest/proxy.go
+29
-1
proxy_test.go
pkg/registry/generic/rest/proxy_test.go
+53
-13
No files found.
pkg/registry/generic/rest/proxy.go
View file @
e8af67c1
...
@@ -214,9 +214,37 @@ func (h *UpgradeAwareProxyHandler) defaultProxyTransport(url *url.URL) http.Roun
...
@@ -214,9 +214,37 @@ func (h *UpgradeAwareProxyHandler) defaultProxyTransport(url *url.URL) http.Roun
suffix
+=
"/"
suffix
+=
"/"
}
}
pathPrepend
:=
strings
.
TrimSuffix
(
url
.
Path
,
suffix
)
pathPrepend
:=
strings
.
TrimSuffix
(
url
.
Path
,
suffix
)
return
&
proxy
.
Transport
{
internalTransport
:=
&
proxy
.
Transport
{
Scheme
:
scheme
,
Scheme
:
scheme
,
Host
:
host
,
Host
:
host
,
PathPrepend
:
pathPrepend
,
PathPrepend
:
pathPrepend
,
}
}
return
&
corsRemovingTransport
{
RoundTripper
:
internalTransport
,
}
}
// corsRemovingTransport is a wrapper for an internal transport. It removes CORS headers
// from the internal response.
type
corsRemovingTransport
struct
{
http
.
RoundTripper
}
func
(
p
*
corsRemovingTransport
)
RoundTrip
(
req
*
http
.
Request
)
(
*
http
.
Response
,
error
)
{
resp
,
err
:=
p
.
RoundTripper
.
RoundTrip
(
req
)
if
err
!=
nil
{
return
nil
,
err
}
removeCORSHeaders
(
resp
)
return
resp
,
nil
}
// removeCORSHeaders strip CORS headers sent from the backend
// This should be called on all responses before returning
func
removeCORSHeaders
(
resp
*
http
.
Response
)
{
resp
.
Header
.
Del
(
"Access-Control-Allow-Credentials"
)
resp
.
Header
.
Del
(
"Access-Control-Allow-Headers"
)
resp
.
Header
.
Del
(
"Access-Control-Allow-Methods"
)
resp
.
Header
.
Del
(
"Access-Control-Allow-Origin"
)
}
}
pkg/registry/generic/rest/proxy_test.go
View file @
e8af67c1
...
@@ -51,8 +51,10 @@ func (s *SimpleBackendHandler) ServeHTTP(w http.ResponseWriter, req *http.Reques
...
@@ -51,8 +51,10 @@ func (s *SimpleBackendHandler) ServeHTTP(w http.ResponseWriter, req *http.Reques
return
return
}
}
for
k
,
v
:=
range
s
.
responseHeader
{
if
s
.
responseHeader
!=
nil
{
w
.
Header
()
.
Add
(
k
,
v
)
for
k
,
v
:=
range
s
.
responseHeader
{
w
.
Header
()
.
Add
(
k
,
v
)
}
}
}
w
.
Write
([]
byte
(
s
.
responseBody
))
w
.
Write
([]
byte
(
s
.
responseBody
))
}
}
...
@@ -71,7 +73,7 @@ func validateParameters(t *testing.T, name string, actual url.Values, expected m
...
@@ -71,7 +73,7 @@ func validateParameters(t *testing.T, name string, actual url.Values, expected m
}
}
}
}
func
validateHeaders
(
t
*
testing
.
T
,
name
string
,
actual
http
.
Header
,
expected
map
[
string
]
string
)
{
func
validateHeaders
(
t
*
testing
.
T
,
name
string
,
actual
http
.
Header
,
expected
map
[
string
]
string
,
notExpected
[]
string
)
{
for
k
,
v
:=
range
expected
{
for
k
,
v
:=
range
expected
{
actualValue
,
ok
:=
actual
[
k
]
actualValue
,
ok
:=
actual
[
k
]
if
!
ok
{
if
!
ok
{
...
@@ -83,17 +85,28 @@ func validateHeaders(t *testing.T, name string, actual http.Header, expected map
...
@@ -83,17 +85,28 @@ func validateHeaders(t *testing.T, name string, actual http.Header, expected map
name
,
k
,
actualValue
,
v
)
name
,
k
,
actualValue
,
v
)
}
}
}
}
if
notExpected
==
nil
{
return
}
for
_
,
h
:=
range
notExpected
{
if
_
,
present
:=
actual
[
h
];
present
{
t
.
Errorf
(
"%s: unexpected header: %s"
,
name
,
h
)
}
}
}
}
func
TestServeHTTP
(
t
*
testing
.
T
)
{
func
TestServeHTTP
(
t
*
testing
.
T
)
{
tests
:=
[]
struct
{
tests
:=
[]
struct
{
name
string
name
string
method
string
method
string
requestPath
string
requestPath
string
expectedPath
string
expectedPath
string
requestBody
string
requestBody
string
requestParams
map
[
string
]
string
requestParams
map
[
string
]
string
requestHeader
map
[
string
]
string
requestHeader
map
[
string
]
string
responseHeader
map
[
string
]
string
expectedRespHeader
map
[
string
]
string
notExpectedRespHeader
[]
string
}{
}{
{
{
name
:
"root path, simple get"
,
name
:
"root path, simple get"
,
...
@@ -128,14 +141,37 @@ func TestServeHTTP(t *testing.T) {
...
@@ -128,14 +141,37 @@ func TestServeHTTP(t *testing.T) {
requestPath
:
""
,
requestPath
:
""
,
expectedPath
:
"/"
,
expectedPath
:
"/"
,
},
},
{
name
:
"remove CORS headers"
,
method
:
"GET"
,
requestPath
:
"/some/path"
,
expectedPath
:
"/some/path"
,
responseHeader
:
map
[
string
]
string
{
"Header1"
:
"value1"
,
"Access-Control-Allow-Origin"
:
"some.server"
,
"Access-Control-Allow-Methods"
:
"GET"
},
expectedRespHeader
:
map
[
string
]
string
{
"Header1"
:
"value1"
,
},
notExpectedRespHeader
:
[]
string
{
"Access-Control-Allow-Origin"
,
"Access-Control-Allow-Methods"
,
},
},
}
}
for
_
,
test
:=
range
tests
{
for
_
,
test
:=
range
tests
{
func
()
{
func
()
{
backendResponse
:=
"<html><head></head><body><a href=
\"
/test/path
\"
>Hello</a></body></html>"
backendResponse
:=
"<html><head></head><body><a href=
\"
/test/path
\"
>Hello</a></body></html>"
backendResponseHeader
:=
test
.
responseHeader
// Test a simple header if not specified in the test
if
backendResponseHeader
==
nil
&&
test
.
expectedRespHeader
==
nil
{
backendResponseHeader
=
map
[
string
]
string
{
"Content-Type"
:
"text/html"
}
test
.
expectedRespHeader
=
map
[
string
]
string
{
"Content-Type"
:
"text/html"
}
}
backendHandler
:=
&
SimpleBackendHandler
{
backendHandler
:=
&
SimpleBackendHandler
{
responseBody
:
backendResponse
,
responseBody
:
backendResponse
,
responseHeader
:
map
[
string
]
string
{
"Content-Type"
:
"text/html"
}
,
responseHeader
:
backendResponseHeader
,
}
}
backendServer
:=
httptest
.
NewServer
(
backendHandler
)
backendServer
:=
httptest
.
NewServer
(
backendHandler
)
defer
backendServer
.
Close
()
defer
backendServer
.
Close
()
...
@@ -197,9 +233,13 @@ func TestServeHTTP(t *testing.T) {
...
@@ -197,9 +233,13 @@ func TestServeHTTP(t *testing.T) {
// Headers
// Headers
validateHeaders
(
t
,
test
.
name
+
" backend request"
,
backendHandler
.
requestHeader
,
validateHeaders
(
t
,
test
.
name
+
" backend request"
,
backendHandler
.
requestHeader
,
test
.
requestHeader
)
test
.
requestHeader
,
nil
)
// Validate proxy response
// Validate proxy response
// Response Headers
validateHeaders
(
t
,
test
.
name
+
" backend headers"
,
res
.
Header
,
test
.
expectedRespHeader
,
test
.
notExpectedRespHeader
)
// Validate Body
// Validate Body
responseBody
,
err
:=
ioutil
.
ReadAll
(
res
.
Body
)
responseBody
,
err
:=
ioutil
.
ReadAll
(
res
.
Body
)
if
err
!=
nil
{
if
err
!=
nil
{
...
@@ -297,7 +337,7 @@ func TestDefaultProxyTransport(t *testing.T) {
...
@@ -297,7 +337,7 @@ func TestDefaultProxyTransport(t *testing.T) {
Location
:
locURL
,
Location
:
locURL
,
}
}
result
:=
h
.
defaultProxyTransport
(
URL
)
result
:=
h
.
defaultProxyTransport
(
URL
)
transport
:=
result
.
(
*
proxy
.
Transport
)
transport
:=
result
.
(
*
corsRemovingTransport
)
.
RoundTripper
.
(
*
proxy
.
Transport
)
if
transport
.
Scheme
!=
test
.
expectedScheme
{
if
transport
.
Scheme
!=
test
.
expectedScheme
{
t
.
Errorf
(
"%s: unexpected scheme. Actual: %s, Expected: %s"
,
test
.
name
,
transport
.
Scheme
,
test
.
expectedScheme
)
t
.
Errorf
(
"%s: unexpected scheme. Actual: %s, Expected: %s"
,
test
.
name
,
transport
.
Scheme
,
test
.
expectedScheme
)
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment