X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/acf545571425b2a2d8a26cb703f75926b6b2a987..bef56b9a22efac9ce73006623080e84a0b57f243:/lib/controller/handler.go

diff --git a/lib/controller/handler.go b/lib/controller/handler.go
index c50f98273c..25799aae9e 100644
--- a/lib/controller/handler.go
+++ b/lib/controller/handler.go
@@ -35,6 +35,20 @@ type Handler struct {
 
 func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 	h.setupOnce.Do(h.setup)
+	if req.Method != "GET" && req.Method != "HEAD" {
+		// http.ServeMux returns 301 with a cleaned path if
+		// the incoming request has a double slash. Some
+		// clients (including the Go standard library) change
+		// the request method to GET when following a 301
+		// redirect if the original method was not HEAD
+		// (RFC7231 6.4.2 specifically allows this in the case
+		// of POST). Thus "POST //foo" gets misdirected to
+		// "GET /foo". To avoid this, eliminate double slashes
+		// before passing the request to ServeMux.
+		for strings.Contains(req.URL.Path, "//") {
+			req.URL.Path = strings.Replace(req.URL.Path, "//", "/", -1)
+		}
+	}
 	h.handlerStack.ServeHTTP(w, req)
 }
 
@@ -44,6 +58,8 @@ func (h *Handler) CheckHealth() error {
 	return err
 }
 
+func neverRedirect(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
+
 func (h *Handler) setup() {
 	mux := http.NewServeMux()
 	mux.Handle("/_health/", &health.Handler{
@@ -58,10 +74,12 @@ func (h *Handler) setup() {
 
 	sc := *arvados.DefaultSecureClient
 	sc.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout)
+	sc.CheckRedirect = neverRedirect
 	h.secureClient = &sc
 
 	ic := *arvados.InsecureHTTPClient
 	ic.Timeout = time.Duration(h.Cluster.HTTPRequestTimeout)
+	ic.CheckRedirect = neverRedirect
 	h.insecureClient = &ic
 
 	h.proxy = &proxy{