upstream/helm
1
0
Fork 0
mirror of https://github.com/helm/helm.git synced 2026-04-21 22:27:03 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

fix: add sessionID lifecycle comment and finalize implementation

Browse source 
Signed-off-by: vaish123-fullstck <vaishnavsreekumar301@gmail.com>
This commit is contained in:
vaish123-fullstck 2026-03-27 15:37:38 +05:30
parent e55d2ce201
commit 5ec9fb23a4
1 changed files with 24 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
pkg/getter/httpgetter.go
View file

@ -1,3 +1,18 @@
/*
Copyright The Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package getter
import (
@ -15,6 +30,8 @@ import (
"helm.sh/helm/v4/internal/version"
)
// helmSessionHeader is used to group HTTP requests initiated
// during a single Helm command execution.
const helmSessionHeader = "helm-session"
// HTTPGetter is the default HTTP(/S) backend handler
@ -40,7 +57,9 @@ func (g *HTTPGetter) get(href string, opts getterOptions) (*bytes.Buffer, error)
return nil, err
}
// ✅ Optional session header (correct implementation)
// sessionID is generated once per HTTPGetter instance and,
// when sessionHeader is enabled, is sent with each request
// via the helm-session header for request correlation.
if g.sessionID != "" && opts.sessionHeader {
req.Header.Set(helmSessionHeader, g.sessionID)
}
@ -62,7 +81,8 @@ func (g *HTTPGetter) get(href string, opts getterOptions) (*bytes.Buffer, error)
if err != nil {
return nil, fmt.Errorf("unable to parse URL getting from: %w", err)
}
// Ensure credentials are only sent to the same host and scheme
// to prevent leaking credentials across different services.
if opts.passCredentialsAll || (u1.Scheme == u2.Scheme && u1.Host == u2.Host) {
if opts.username != "" && opts.password != "" {
req.SetBasicAuth(opts.username, opts.password)
@ -97,6 +117,8 @@ func NewHTTPGetter(options ...Option) (Getter, error) {
opt(&client.opts)
}
// sessionID is generated once per HTTPGetter instance
// and reused across all requests when sessionHeader is enabled.
client.sessionID = uuid.New().String()
return &client, nil