self-hosted/minio
self-hosted/minio
1
0
Fork 0
mirror of https://github.com/minio/minio synced 2024-10-14 20:04:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

browser: Add user-agent header filter to gorilla mux route (#8040)

Browse source 
When a peer client which higher version sends a request to a peer
server with lower version, the returned status code is 200 OK instead
of 405 code. The reason is that the peer client request reaches the
browser handler, which registers itself by '/minio' route but without
any other constraints. Adding filtering by user agent header to the
browser route so internal requests to old endpoints versions return
405 error code.
This commit is contained in:
Anis Elleuch 2019-08-13 01:05:30 +01:00 committed by Harshavardhana
parent af36c92cab
commit cea3e3f7a6
3 changed files with 9 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
cmd/test-utils_test.go
View file

@ -1232,6 +1232,7 @@ func newWebRPCRequest(methodRPC, authorization string, body io.ReadSeeker) (*htt
if err != nil {
return nil, err
}
req.Header.Set("User-Agent", "Mozilla")
req.Header.Set("Content-Type", "application/json")
if authorization != "" {
req.Header.Set("Authorization", "Bearer "+authorization)

7
cmd/web-handlers_test.go
View file

@ -831,6 +831,7 @@ func testUploadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler
req.Header.Set("x-amz-date", "20160814T114029Z")
req.Header.Set("Accept", "*/*")
req.Header.Set("User-Agent", "Mozilla")
req.Body = ioutil.NopCloser(bytes.NewReader(content))
@ -937,6 +938,8 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl
t.Fatalf("Cannot create upload request, %v", err)
}
req.Header.Set("User-Agent", "Mozilla")
apiRouter.ServeHTTP(rec, req)
return rec.Code, rec.Body.Bytes()
}
@ -1081,6 +1084,8 @@ func testWebHandlerDownloadZip(obj ObjectLayer, instanceType string, t TestErrHa
t.Fatalf("Cannot create upload request, %v", err)
}
req.Header.Set("User-Agent", "Mozilla")
apiRouter.ServeHTTP(rec, req)
return rec.Code, rec.Body.Bytes()
}
@ -1515,6 +1520,7 @@ func TestWebCheckAuthorization(t *testing.T) {
if err != nil {
t.Fatalf("Cannot create upload request, %v", err)
}
req.Header.Set("User-Agent", "Mozilla")
apiRouter.ServeHTTP(rec, req)
if rec.Code != http.StatusForbidden {
t.Fatalf("Expected the response status to be 403, but instead found `%d`", rec.Code)
@ -1529,6 +1535,7 @@ func TestWebCheckAuthorization(t *testing.T) {
content := []byte("temporary file's content")
req, err = http.NewRequest("PUT", "/minio/upload/bucket/object", nil)
req.Header.Set("Authorization", "Bearer foo-authorization")
req.Header.Set("User-Agent", "Mozilla")
req.Header.Set("Content-Length", strconv.Itoa(len(content)))
req.Header.Set("x-amz-date", "20160814T114029Z")
req.Header.Set("Accept", "*/*")

2
cmd/web-router.go
View file

@ -70,7 +70,7 @@ func registerWebRouter(router *mux.Router) error {
codec := json2.NewCodec()
// MinIO browser router.
webBrowserRouter := router.PathPrefix(minioReservedBucketPath).Subrouter()
webBrowserRouter := router.PathPrefix(minioReservedBucketPath).HeadersRegexp("User-Agent", ".*Mozilla.*").Subrouter()
// Initialize json rpc handlers.
webRPC := jsonrpc.NewServer()