Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
d4ad915f
Commit
d4ad915f
authored
Jan 12, 2021
by
Mikhail Mazurskiy
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Cleanup Connection headers
parent
e25137d1
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
23 additions
and
1 deletion
+23
-1
changelogs/unreleased/ash2k-cleanup-auth-req-headers.yml
changelogs/unreleased/ash2k-cleanup-auth-req-headers.yml
+5
-0
internal/api/api.go
internal/api/api.go
+18
-1
No files found.
changelogs/unreleased/ash2k-cleanup-auth-req-headers.yml
0 → 100644
View file @
d4ad915f
---
title
:
Cleanup Connection headers
merge_request
:
678
author
:
type
:
fixed
internal/api/api.go
View file @
d4ad915f
...
@@ -6,6 +6,7 @@ import (
...
@@ -6,6 +6,7 @@ import (
"fmt"
"fmt"
"io"
"io"
"net/http"
"net/http"
"net/textproto"
"net/url"
"net/url"
"strconv"
"strconv"
"strings"
"strings"
...
@@ -188,6 +189,8 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
...
@@ -188,6 +189,8 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
authReq
=
authReq
.
WithContext
(
r
.
Context
())
authReq
=
authReq
.
WithContext
(
r
.
Context
())
removeConnectionHeaders
(
authReq
.
Header
)
// Clean some headers when issuing a new request without body
// Clean some headers when issuing a new request without body
authReq
.
Header
.
Del
(
"Content-Type"
)
authReq
.
Header
.
Del
(
"Content-Type"
)
authReq
.
Header
.
Del
(
"Content-Encoding"
)
authReq
.
Header
.
Del
(
"Content-Encoding"
)
...
@@ -203,7 +206,9 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
...
@@ -203,7 +206,9 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
authReq
.
Header
.
Del
(
"Proxy-Authenticate"
)
authReq
.
Header
.
Del
(
"Proxy-Authenticate"
)
authReq
.
Header
.
Del
(
"Proxy-Authorization"
)
authReq
.
Header
.
Del
(
"Proxy-Authorization"
)
authReq
.
Header
.
Del
(
"Te"
)
authReq
.
Header
.
Del
(
"Te"
)
authReq
.
Header
.
Del
(
"Trailers"
)
// "Trailer", not "Trailers" as per rfc2616; See errata https://www.rfc-editor.org/errata_search.php?eid=4522
// See https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#field.connection
authReq
.
Header
.
Del
(
"Trailer"
)
authReq
.
Header
.
Del
(
"Upgrade"
)
authReq
.
Header
.
Del
(
"Upgrade"
)
// Also forward the Host header, which is excluded from the Header map by the http library.
// Also forward the Host header, which is excluded from the Header map by the http library.
...
@@ -290,6 +295,18 @@ func (api *API) doRequestWithoutRedirects(authReq *http.Request) (*http.Response
...
@@ -290,6 +295,18 @@ func (api *API) doRequestWithoutRedirects(authReq *http.Request) (*http.Response
return
signingTripper
.
RoundTrip
(
authReq
)
return
signingTripper
.
RoundTrip
(
authReq
)
}
}
// removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h.
// See https://tools.ietf.org/html/rfc7230#section-6.1
func
removeConnectionHeaders
(
h
http
.
Header
)
{
for
_
,
f
:=
range
h
[
"Connection"
]
{
for
_
,
sf
:=
range
strings
.
Split
(
f
,
","
)
{
if
sf
=
textproto
.
TrimString
(
sf
);
sf
!=
""
{
h
.
Del
(
sf
)
}
}
}
}
func
copyAuthHeader
(
httpResponse
*
http
.
Response
,
w
http
.
ResponseWriter
)
{
func
copyAuthHeader
(
httpResponse
*
http
.
Response
,
w
http
.
ResponseWriter
)
{
// Negotiate authentication (Kerberos) may need to return a WWW-Authenticate
// Negotiate authentication (Kerberos) may need to return a WWW-Authenticate
// header to the client even in case of success as per RFC4559.
// header to the client even in case of success as per RFC4559.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment