13497: 13779: Forward Host header, and don't follow redirects.
authorTom Clegg <tclegg@veritasgenetics.com>
Wed, 11 Jul 2018 13:27:12 +0000 (09:27 -0400)
committerTom Clegg <tclegg@veritasgenetics.com>
Wed, 11 Jul 2018 13:27:12 +0000 (09:27 -0400)
Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>

lib/controller/handler.go
lib/controller/handler_test.go

index 59c2f2a61d9d534f19cfb45ee2a34a38a4381808..92ded6301f3975245c13eadf398d387303dd216e 100644 (file)
@@ -47,6 +47,11 @@ func (h *Handler) setup() {
        })
        mux.Handle("/", http.HandlerFunc(h.proxyRailsAPI))
        h.handlerStack = mux
+
+       // Changing the global isn't the right way to do this, but a
+       // proper solution would conflict with an impending 13493
+       // merge anyway, so this will do for now.
+       arvados.InsecureHTTPClient.CheckRedirect = func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
 }
 
 // headers that shouldn't be forwarded when proxying. See
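Review bot: The no-redirect policy in setup() is attached only to the package-level `arvados.InsecureHTTPClient`, so it covers the proxy only if proxyRailsAPI always sends through that exact client. That choice is not visible in this hunk. If another client can be selected, for example when TLS verification is enabled, that path would still follow upstream redirects instead of returning them to the caller. The assignment also changes redirect behaviour for every other user of the shared client in the process, and it is an unsynchronized write to a value other goroutines may be using. A handler-owned copy would keep the policy local and explicit, e.g. `c := *arvados.InsecureHTTPClient; c.CheckRedirect = noFollow`, with proxyRailsAPI issuing requests through that copy.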
@@ -101,6 +106,7 @@ func (h *Handler) proxyRailsAPI(w http.ResponseWriter, reqIn *http.Request) {
        reqOut := (&http.Request{
                Method: reqIn.Method,
                URL:    urlOut,
+               Host:   reqIn.Host,
                Header: hdrOut,
                Body:   reqIn.Body,
        }).WithContext(ctx)
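Review bot: `Host: reqIn.Host` passes a client-controlled value straight to the upstream, and the test added in this commit shows the upstream building its `Location` URL from it. Unless a front-end proxy already pins the Host header, any caller who can reach the controller can make the upstream emit absolute URLs (login redirects, links) pointing at a host of their choosing. Consider checking reqIn.Host against the cluster's configured external host(s) before building reqOut and rejecting mismatches with a 4xx. At minimum, document the trust assumption next to the field: `// Host is client-supplied; upstream uses it to build absolute URLs, so the front end must restrict it.` proxyRailsAPI's body begins and ends outside this hunk, so an existing check elsewhere in the function cannot be ruled out.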
index 981ad7ab91919c65327e972e6004b0eb15594352..eb947ea363705293679da1edd3430e2d8d5c0657 100644 (file)
@@ -120,3 +120,11 @@ func (s *HandlerSuite) TestProxyNotFound(c *check.C) {
        c.Check(err, check.IsNil)
        c.Check(jresp["errors"], check.FitsTypeOf, []interface{}{})
 }
+
+func (s *HandlerSuite) TestProxyRedirect(c *check.C) {
+       req := httptest.NewRequest("GET", "https://example.org:1234/login?return_to=foo", nil)
+       resp := httptest.NewRecorder()
+       s.handler.ServeHTTP(resp, req)
+       c.Check(resp.Code, check.Equals, http.StatusFound)
+       c.Check(resp.Header().Get("Location"), check.Matches, `https://example\.org:1234/auth/joshid\?return_to=foo&?`)
+}
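Review bot: TestProxyRedirect has no comment saying which two behaviours it pins, and a single assertion set covers both. I would add `// TestProxyRedirect checks that an upstream 302 is returned to the client unfollowed, and that its Location is built from the client's Host header.` above the function. The `/auth/joshid` path in the pattern ties the test to whichever login provider the test upstream is configured with, so it would help to name that dependency in the comment as well. A companion case sending a Host the deployment should not accept would document the intended behaviour for untrusted Host values, which this test currently leaves unspecified.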