Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
slapos
Commits
e5b2a05c
Commit
e5b2a05c
authored
Aug 29, 2022
by
Łukasz Nowak
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
rapid-cdn: c->h: Implement disabled-cookie-list
parent
102cfd02
Changes
4
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
17 additions
and
17 deletions
+17
-17
software/rapid-cdn/buildout.hash.cfg
software/rapid-cdn/buildout.hash.cfg
+1
-1
software/rapid-cdn/templates/default-virtualhost.conf.in
software/rapid-cdn/templates/default-virtualhost.conf.in
+0
-4
software/rapid-cdn/templates/frontend-haproxy.cfg.in
software/rapid-cdn/templates/frontend-haproxy.cfg.in
+3
-0
software/rapid-cdn/test/test.py
software/rapid-cdn/test/test.py
+13
-12
No files found.
software/rapid-cdn/buildout.hash.cfg
View file @
e5b2a05c
...
...
@@ -38,7 +38,7 @@ md5sum = cba4d995962f7fbeae3f61c9372c4181
[template-frontend-haproxy-configuration]
_update_hash_filename_ = templates/frontend-haproxy.cfg.in
md5sum =
7c96b713bd25fdad23ff20660e625a58
md5sum =
d115e229b7b76bcc6aba4ba62e887ccb
[template-frontend-haproxy-crt-list]
_update_hash_filename_ = templates/frontend-haproxy-crt-list.in
...
...
software/rapid-cdn/templates/default-virtualhost.conf.in
View file @
e5b2a05c
...
...
@@ -87,10 +87,6 @@
without /prefer-gzip
header_upstream Accept-Encoding gzip
{%- endif %} {#- if proxy_name == 'prefer-gzip' #}
{%- for disabled_cookie in slave_parameter['disabled-cookie-list'] %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in slave_parameter['disabled-cookie-list'] #}
{%- if slave_parameter['disable-no-cache-request'] %}
header_upstream -Cache-Control
...
...
software/rapid-cdn/templates/frontend-haproxy.cfg.in
View file @
e5b2a05c
...
...
@@ -109,6 +109,9 @@ backend {{ slave_instance['slave_reference'] }}-{{ scheme }}
http-response set-header Strict-Transport-Security "{{ ''.join(strict_transport_security) }}"
{%- endif %}
{%- endif %}
{%- for disabled_cookie in slave_instance['disabled-cookie-list'] %}
http-request replace-header Cookie (.*)(^{{ disabled_cookie | replace('%', '%%') }}=[^;]*;\ |;\ {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*) \1\3
{%- endfor %}
{%- if info_dict['path'] %}
http-request set-path {{ info_dict['path'] }}%[path]
{%- endif %} {# if info_dict['path'] #}
...
...
software/rapid-cdn/test/test.py
View file @
e5b2a05c
...
...
@@ -33,7 +33,7 @@ from requests_toolbelt.adapters import source
import
json
import
multiprocessing
import
subprocess
from
unittest
import
skip
,
expectedFailure
from
unittest
import
skip
import
ssl
from
http.server
import
HTTPServer
from
http.server
import
BaseHTTPRequestHandler
...
...
@@ -2104,9 +2104,9 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
'monitor-base-url'
:
'https://[%s]:8401'
%
self
.
_ipv6_address
,
'backend-client-caucase-url'
:
'http://[%s]:8990'
%
self
.
_ipv6_address
,
'domain'
:
'example.com'
,
'accepted-slave-amount'
:
'5
5
'
,
'accepted-slave-amount'
:
'5
6
'
,
'rejected-slave-amount'
:
'0'
,
'slave-amount'
:
'5
5
'
,
'slave-amount'
:
'5
6
'
,
'rejected-slave-dict'
:
{
},
'warning-slave-dict'
:
{
...
...
@@ -4531,37 +4531,38 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin, AtsMixin):
curl_command
,
out
,
err
))
return
out
,
err
@
expectedFailure
def
test_disabled_cookie_list
(
self
):
parameter_dict
=
self
.
assertSlaveBase
(
'disabled-cookie-list'
)
out
,
err
=
self
.
_curl
(
parameter_dict
[
'domain'
],
TEST_IP
,
HTTPS_PORT
,
# Note: Cookie order is extremely important here, do not change
# or test will start to pass incorrectly
'Coconut=absent; Chocolate=absent; Coffee=present; Vanilia=absent'
,
'Tea=present; Coconut=absent; DarkChocolate=present; Chocolate=absent; '
'Coffee=present; Vanilia=absent; Water=present'
,
)
# self check - were the cookies sent in required order?
self
.
assertIn
(
'ookie:
Coconut=absent; Chocolate=absent; Coffe
e=present; '
'
Vanilia=ab
sent'
,
'ookie:
Tea=present; Coconut=absent; DarkChocolat
e=present; '
'
Chocolate=absent; Coffee=present; Vanilia=absent; Water=pre
sent'
,
err
.
decode
())
# real test - all configured cookies are dropped
self
.
assertEqual
(
'Coffee=present'
,
json
.
loads
(
out
)[
'Incoming Headers'
][
'cookie'
])
'Tea=present; DarkChocolate=present; Coffee=present; Water=present'
,
json
.
loads
(
out
)[
'Incoming Headers'
][
'cookie'
])
def
test_disabled_cookie_list_simple
(
self
):
parameter_dict
=
self
.
assertSlaveBase
(
'disabled-cookie-list'
)
parameter_dict
=
self
.
assertSlaveBase
(
'disabled-cookie-list
-simple
'
)
out
,
err
=
self
.
_curl
(
parameter_dict
[
'domain'
],
TEST_IP
,
HTTPS_PORT
,
'
WhiteChocolate=present;
Chocolate=absent; Coffee=present'
,
'Chocolate=absent; Coffee=present'
,
)
# self check - were the cookies sent in required order?
self
.
assertIn
(
'ookie:
WhiteChocolate=present;
Chocolate=absent; Coffee=present'
,
'ookie: Chocolate=absent; Coffee=present'
,
err
.
decode
())
# real test - all configured cookies are dropped
self
.
assertEqual
(
'
WhiteChocolate=present ;
Coffee=present'
,
'Coffee=present'
,
json
.
loads
(
out
)[
'Incoming Headers'
][
'cookie'
])
def
test_https_url
(
self
):
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment