mirror of
https://github.com/traefik/traefik.git
synced 2026-02-18 18:20:28 -05:00
Handle empty/missing User-Agent header
Some checks are pending
CodeQL / Analyze (push) Waiting to run
Build and Publish Documentation / Doc Process (push) Waiting to run
Build experimental image on branch / build-webui (push) Waiting to run
Build experimental image on branch / Build experimental image on branch (push) Waiting to run
Some checks are pending
CodeQL / Analyze (push) Waiting to run
Build and Publish Documentation / Doc Process (push) Waiting to run
Build experimental image on branch / build-webui (push) Waiting to run
Build experimental image on branch / Build experimental image on branch (push) Waiting to run
This commit is contained in:
parent
9eea5c4152
commit
b8fca6e460
2 changed files with 74 additions and 2 deletions
|
|
@ -44,6 +44,8 @@ var hopHeaders = []string{
|
|||
forward.Upgrade,
|
||||
}
|
||||
|
||||
var userAgentHeader = http.CanonicalHeaderKey("User-Agent")
|
||||
|
||||
type forwardAuth struct {
|
||||
address string
|
||||
authResponseHeaders []string
|
||||
|
|
@ -358,6 +360,12 @@ func writeHeader(req, forwardReq *http.Request, trustForwardHeader bool, allowed
|
|||
RemoveConnectionHeaders(forwardReq)
|
||||
utils.RemoveHeaders(forwardReq.Header, hopHeaders...)
|
||||
|
||||
if _, ok := req.Header[userAgentHeader]; !ok {
|
||||
// If the incoming request doesn't have a User-Agent header set,
|
||||
// don't send the default Go HTTP client User-Agent for the forwarded request.
|
||||
forwardReq.Header.Set(userAgentHeader, "")
|
||||
}
|
||||
|
||||
forwardReq.Header = filterForwardRequestHeaders(forwardReq.Header, allowedHeaders)
|
||||
|
||||
if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
|
||||
|
|
|
|||
|
|
@ -536,8 +536,7 @@ func Test_writeHeader(t *testing.T) {
|
|||
trustForwardHeader: false,
|
||||
emptyHost: true,
|
||||
expectedHeaders: map[string]string{
|
||||
"Accept": "application/json",
|
||||
"X-Forwarded-Host": "",
|
||||
"Accept": "application/json",
|
||||
},
|
||||
},
|
||||
{
|
||||
|
|
@ -610,6 +609,7 @@ func Test_writeHeader(t *testing.T) {
|
|||
"X-Forwarded-Method": "GET",
|
||||
forward.ProxyAuthenticate: "ProxyAuthenticate",
|
||||
forward.ProxyAuthorization: "ProxyAuthorization",
|
||||
"User-Agent": "",
|
||||
},
|
||||
checkForUnexpectedHeaders: true,
|
||||
},
|
||||
|
|
@ -652,6 +652,65 @@ func Test_writeHeader(t *testing.T) {
|
|||
},
|
||||
checkForUnexpectedHeaders: true,
|
||||
},
|
||||
{
|
||||
name: "set empty User-Agent header if header is allowed but missing",
|
||||
headers: map[string]string{
|
||||
"X-CustomHeader": "CustomHeader",
|
||||
"Accept": "application/json",
|
||||
},
|
||||
authRequestHeaders: []string{
|
||||
"X-CustomHeader",
|
||||
"Accept",
|
||||
"User-Agent",
|
||||
},
|
||||
expectedHeaders: map[string]string{
|
||||
"X-CustomHeader": "CustomHeader",
|
||||
"Accept": "application/json",
|
||||
"X-Forwarded-Proto": "http",
|
||||
"X-Forwarded-Host": "foo.bar",
|
||||
"X-Forwarded-Uri": "/path?q=1",
|
||||
"X-Forwarded-Method": "GET",
|
||||
"User-Agent": "",
|
||||
},
|
||||
checkForUnexpectedHeaders: true,
|
||||
},
|
||||
{
|
||||
name: "ignore User-Agent header if header is not allowed and missing",
|
||||
headers: map[string]string{
|
||||
"X-CustomHeader": "CustomHeader",
|
||||
"Accept": "application/json",
|
||||
},
|
||||
authRequestHeaders: []string{
|
||||
"X-CustomHeader",
|
||||
"Accept",
|
||||
},
|
||||
expectedHeaders: map[string]string{
|
||||
"X-CustomHeader": "CustomHeader",
|
||||
"Accept": "application/json",
|
||||
"X-Forwarded-Proto": "http",
|
||||
"X-Forwarded-Host": "foo.bar",
|
||||
"X-Forwarded-Uri": "/path?q=1",
|
||||
"X-Forwarded-Method": "GET",
|
||||
},
|
||||
checkForUnexpectedHeaders: true,
|
||||
},
|
||||
{
|
||||
name: "set empty User-Agent header if header is missing",
|
||||
headers: map[string]string{
|
||||
"X-CustomHeader": "CustomHeader",
|
||||
"Accept": "application/json",
|
||||
},
|
||||
expectedHeaders: map[string]string{
|
||||
"X-CustomHeader": "CustomHeader",
|
||||
"Accept": "application/json",
|
||||
"X-Forwarded-Proto": "http",
|
||||
"X-Forwarded-Host": "foo.bar",
|
||||
"X-Forwarded-Uri": "/path?q=1",
|
||||
"X-Forwarded-Method": "GET",
|
||||
"User-Agent": "",
|
||||
},
|
||||
checkForUnexpectedHeaders: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
|
|
@ -673,9 +732,14 @@ func Test_writeHeader(t *testing.T) {
|
|||
|
||||
expectedHeaders := test.expectedHeaders
|
||||
for key, value := range expectedHeaders {
|
||||
_, headerExists := actualHeaders[http.CanonicalHeaderKey(key)]
|
||||
|
||||
assert.True(t, headerExists, "Expected header %s not found", key)
|
||||
assert.Equal(t, value, actualHeaders.Get(key))
|
||||
|
||||
actualHeaders.Del(key)
|
||||
}
|
||||
|
||||
if test.checkForUnexpectedHeaders {
|
||||
for key := range actualHeaders {
|
||||
assert.Fail(t, "Unexpected header found", key)
|
||||
|
|
|
|||
Loading…
Reference in a new issue