20647: Fix duplicate response headers via reverse proxy.
[arvados.git] / lib / controller / localdb / container_gateway.go
index 9526c01f8e66cefd2bcb44a662921011bf91a8d0..e42a4473084a943f57af4d2699da96e169206eed 100644 (file)
@@ -183,6 +183,15 @@ func (conn *Conn) ContainerRequestLog(ctx context.Context, opts arvados.Containe
                                        // an attacker-in-the-middle.
                                        return httpserver.ErrorWithStatus(errors.New("bad X-Arvados-Authorization-Response header"), http.StatusBadGateway)
                                }
+                               resp.Header.Del("X-Arvados-Authorization-Response")
+                               for hdr := range resp.Header {
+                                       // proxy.ServeHTTP adds each
+                                       // resp.Header to w.Header,
+                                       // which causes duplicate CORS
+                                       // and request-id headers,
+                                       // unless we do this.
+                                       w.Header().Del(hdr)
+                               }
                                return nil
                        },
                        ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
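Review bot: The loop at the end of this ModifyResponse deletes from `w.Header()` every name the upstream response sets, not only the CORS and request-id headers the comment mentions, so for any shared name the upstream's value is the one the client receives. Here that happens only after the X-Arvados-Authorization-Response check has passed, but the same loop in the serveContainerRequestLogViaKeepWeb hunk runs with no such check and sits next to a `conn.cluster.TLS.Insecure` transport branch. If the controller sets any header on `w` that must survive proxying, consider clearing only the names known to duplicate, or state the precedence in the comment, e.g. `// Upstream wins for every header it sets; nothing set earlier on w survives a name clash.` The enclosing function starts outside the hunk, so what has already been set on `w` at this point is not visible here.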
@@ -273,6 +282,17 @@ func (conn *Conn) serveContainerRequestLogViaKeepWeb(opts arvados.ContainerLogOp
                                r.Header.Set("X-Webdav-Source", "/log for container "+opts.Path[1:28]+"/")
                        }
                },
+               ModifyResponse: func(resp *http.Response) error {
+                       for hdr := range resp.Header {
+                               // proxy.ServeHTTP adds each
+                               // resp.Header to w.Header, which
+                               // causes duplicate CORS and
+                               // request-id headers, unless we do
+                               // this.
+                               w.Header().Del(hdr)
+                       }
+                       return nil
+               },
        }
        if conn.cluster.TLS.Insecure {
                proxy.Transport = &http.Transport{
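Review bot: This loop and its comment duplicate the ones added to ContainerRequestLog's ModifyResponse, so a later change to one copy can silently miss the other. A small unexported helper taking `w.Header()` and `resp.Header` would reduce this callback to `dropProxiedDuplicates(w.Header(), resp.Header)` followed by `return nil` (the helper name is only a suggestion). `w` is captured from the enclosing function, whose start is outside the hunk.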