faas-rs/faas
1
0
Fork 0
mirror of https://github.com/openfaas/faas.git synced 2025-06-19 04:26:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove hop headers

Browse Source 
Requested by @LucasRoesler - removes headers detailed in HTTP
spec which are not supposed to be forwarded by proxies or
gateways.

Signed-off-by: Alex Ellis <alexellis2@gmail.com>
This commit is contained in:
Alex Ellis
2019-04-03 11:41:02 +01:00
parent af73147ef8
commit 78c127619e
2 changed files with 43 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
gateway/handlers/forwarding_proxy.go
View File

@ -80,6 +80,7 @@ func buildUpstreamRequest(r *http.Request, baseURL string, requestURL string) *h
upstreamReq, _ := http.NewRequest(r.Method, url, nil) upstreamReq, _ := http.NewRequest(r.Method, url, nil)
copyHeaders(upstreamReq.Header, &r.Header) copyHeaders(upstreamReq.Header, &r.Header)
deleteHeaders(&upstreamReq.Header, &hopHeaders)
if len(r.Host) > 0 && upstreamReq.Header.Get("X-Forwarded-Host") == "" { if len(r.Host) > 0 && upstreamReq.Header.Get("X-Forwarded-Host") == "" {
upstreamReq.Header["X-Forwarded-Host"] = []string{r.Host} upstreamReq.Header["X-Forwarded-Host"] = []string{r.Host}
@ -141,6 +142,12 @@ func copyHeaders(destination http.Header, source *http.Header) {
} }
} }
func deleteHeaders(target *http.Header, exclude *[]string) {
for _, h := range *exclude {
target.Del(h)
}
}
// SingleHostBaseURLResolver resolves URLs against a single BaseURL // SingleHostBaseURLResolver resolves URLs against a single BaseURL
type SingleHostBaseURLResolver struct { type SingleHostBaseURLResolver struct {
BaseURL string BaseURL string
@ -208,3 +215,20 @@ func (f FunctionPrefixTrimmingURLPathTransformer) Transform(r *http.Request) str
return ret return ret
} }
// Hop-by-hop headers. These are removed when sent to the backend.
// As of RFC 7230, hop-by-hop headers are required to appear in the
// Connection header field. These are the headers defined by the
// obsoleted RFC 2616 (section 13.5.1) and are used for backward
// compatibility.
var hopHeaders = []string{
"Connection",
"Proxy-Connection", // non-standard but still sent by libcurl and rejected by e.g. google
"Keep-Alive",
"Proxy-Authenticate",
"Proxy-Authorization",
"Te", // canonicalized version of "TE"
"Trailer", // not Trailers per URL above; https://www.rfc-editor.org/errata_search.php?eid=4522
"Transfer-Encoding",
"Upgrade",
}

19
gateway/handlers/forwarding_proxy_test.go
View File

@ -338,3 +338,22 @@ func Test_buildUpstreamRequest_WithPathAndQuery(t *testing.T) {
} }
} }
func Test_deleteHeaders(t *testing.T) {
h := http.Header{}
target := "X-Dont-Forward"
h.Add(target, "value1")
h.Add("X-Keep-This", "value2")
deleteHeaders(&h, &[]string{target})
if h.Get(target) == "value1" {
t.Errorf("want %s to be removed from headers", target)
t.Fail()
}
if h.Get("X-Keep-This") != "value2" {
t.Errorf("want %s to remain in headers", "X-Keep-This")
t.Fail()
}
}