From db7330822cb7dbdd1b61a34737d1b24158d8068d Mon Sep 17 00:00:00 2001
From: Tom Clegg <tclegg@veritasgenetics.com>
Date: Wed, 13 Jun 2018 15:51:07 -0400
Subject: [PATCH] 13497: Don't propagate connection-oriented headers when
 proxying.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tclegg@veritasgenetics.com>
---
 lib/controller/handler.go | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/controller/handler.go b/lib/controller/handler.go
index 013d293f2a..ad765bafa5 100644
--- a/lib/controller/handler.go
+++ b/lib/controller/handler.go
@@ -43,6 +43,19 @@ func (h *Handler) setup() {
 	h.handlerStack = mux
 }
 
+// headers that shouldn't be forwarded when proxying. See
+// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
+var dropHeaders = map[string]bool{
+	"Connection":          true,
+	"Keep-Alive":          true,
+	"Proxy-Authenticate":  true,
+	"Proxy-Authorization": true,
+	"TE":                true,
+	"Trailer":           true,
+	"Transfer-Encoding": true,
+	"Upgrade":           true,
+}
+
 func (h *Handler) proxyRailsAPI(w http.ResponseWriter, reqIn *http.Request) {
 	urlOut, err := findRailsAPI(h.Cluster, h.Node)
 	if err != nil {
@@ -61,7 +74,9 @@ func (h *Handler) proxyRailsAPI(w http.ResponseWriter, reqIn *http.Request) {
 	// headers like Via and X-Forwarded-For.
 	hdrOut := http.Header{}
 	for k, v := range reqIn.Header {
-		hdrOut[k] = v
+		if !dropHeaders[k] {
+			hdrOut[k] = v
+		}
 	}
 	xff := reqIn.RemoteAddr
 	if xffIn := reqIn.Header.Get("X-Forwarded-For"); xffIn != "" {
-- 
2.30.2