X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/2e03d03bc55b5a612c2bf04d878a72f2ee420d99..7f0f12c40238f3eb12a51877a755cf22357e0767:/lib/controller/proxy.go

diff --git a/lib/controller/proxy.go b/lib/controller/proxy.go
index 47b8cb4711..26d1859ec8 100644
--- a/lib/controller/proxy.go
+++ b/lib/controller/proxy.go
@@ -45,6 +45,11 @@ var dropHeaders = map[string]bool{
 
 	// Content-Length depends on encoding.
 	"Content-Length": true,
+
+	// Defend against Rails vulnerability CVE-2023-22795 -
+	// we don't use this functionality anyway, so it costs us nothing.
+	// <https://discuss.rubyonrails.org/t/cve-2023-22795-possible-redos-based-dos-vulnerability-in-action-dispatch/82118>
+	"If-None-Match": true,
 }
 
 type ResponseFilter func(*http.Response, error) (*http.Response, error)