Commit d4ad915f authored by Mikhail Mazurskiy's avatar Mikhail Mazurskiy

Cleanup Connection headers

parent e25137d1
---
title: Cleanup Connection headers
merge_request: 678
author:
type: fixed
...@@ -6,6 +6,7 @@ import ( ...@@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
"net/textproto"
"net/url" "net/url"
"strconv" "strconv"
"strings" "strings"
...@@ -188,6 +189,8 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error ...@@ -188,6 +189,8 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
authReq = authReq.WithContext(r.Context()) authReq = authReq.WithContext(r.Context())
removeConnectionHeaders(authReq.Header)
// Clean some headers when issuing a new request without body // Clean some headers when issuing a new request without body
authReq.Header.Del("Content-Type") authReq.Header.Del("Content-Type")
authReq.Header.Del("Content-Encoding") authReq.Header.Del("Content-Encoding")
...@@ -203,7 +206,9 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error ...@@ -203,7 +206,9 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
authReq.Header.Del("Proxy-Authenticate") authReq.Header.Del("Proxy-Authenticate")
authReq.Header.Del("Proxy-Authorization") authReq.Header.Del("Proxy-Authorization")
authReq.Header.Del("Te") authReq.Header.Del("Te")
authReq.Header.Del("Trailers") // "Trailer", not "Trailers" as per rfc2616; See errata https://www.rfc-editor.org/errata_search.php?eid=4522
// See https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#field.connection
authReq.Header.Del("Trailer")
authReq.Header.Del("Upgrade") authReq.Header.Del("Upgrade")
// Also forward the Host header, which is excluded from the Header map by the http library. // Also forward the Host header, which is excluded from the Header map by the http library.
...@@ -290,6 +295,18 @@ func (api *API) doRequestWithoutRedirects(authReq *http.Request) (*http.Response ...@@ -290,6 +295,18 @@ func (api *API) doRequestWithoutRedirects(authReq *http.Request) (*http.Response
return signingTripper.RoundTrip(authReq) return signingTripper.RoundTrip(authReq)
} }
// removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h.
// See https://tools.ietf.org/html/rfc7230#section-6.1
func removeConnectionHeaders(h http.Header) {
for _, f := range h["Connection"] {
for _, sf := range strings.Split(f, ",") {
if sf = textproto.TrimString(sf); sf != "" {
h.Del(sf)
}
}
}
}
func copyAuthHeader(httpResponse *http.Response, w http.ResponseWriter) { func copyAuthHeader(httpResponse *http.Response, w http.ResponseWriter) {
// Negotiate authentication (Kerberos) may need to return a WWW-Authenticate // Negotiate authentication (Kerberos) may need to return a WWW-Authenticate
// header to the client even in case of success as per RFC4559. // header to the client even in case of success as per RFC4559.
......
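Review bot: removeConnectionHeaders deletes every field name listed in the incoming Connection header, and that value is supplied by the client, so a request can name an end-to-end header the backend relies on (for example one added by a fronting proxy, such as X-Forwarded-For) and have it dropped from authReq. This follows RFC 7230 section 6.1 and does not affect headers set after the call near the top of newRequest, but everything already in the map at that point is exposed. If the backend uses such headers for rate limiting or audit logging, skip a fixed set of names in the inner loop, e.g. `if sf = textproto.TrimString(sf); sf != "" && !keepHeader[textproto.CanonicalMIMEHeaderKey(sf)] {`, where `keepHeader` would be a new package-level map. Otherwise record the decision in the doc comment: `// The Connection value is client-controlled; headers the backend must see are set after this call.` The hunks do not show whether "Connection" itself is deleted afterwards or whether a test covers the new function, and newRequest's body continues outside them.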