Diffstat (limited to 'workhorse/internal/api/api.go')
-rw-r--r-- | workhorse/internal/api/api.go | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/workhorse/internal/api/api.go b/workhorse/internal/api/api.go
index 988bb73f256..a420288a95a 100644
--- a/workhorse/internal/api/api.go
+++ b/workhorse/internal/api/api.go
@@ -6,6 +6,7 @@ import (
 "fmt"
 "io"
 "net/http"
+ "net/textproto"
 "net/url"
 "strconv"
 "strings"
@@ -188,6 +189,8 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
 authReq = authReq.WithContext(r.Context())
+ removeConnectionHeaders(authReq.Header)
+
 // Clean some headers when issuing a new request without body
 authReq.Header.Del("Content-Type")
 authReq.Header.Del("Content-Encoding")
@@ -203,7 +206,9 @@ func (api *API) newRequest(r *http.Request, suffix string) (*http.Request, error
 authReq.Header.Del("Proxy-Authenticate")
 authReq.Header.Del("Proxy-Authorization")
 authReq.Header.Del("Te")
- authReq.Header.Del("Trailers")
+ // "Trailer", not "Trailers" as per rfc2616; See errata https://www.rfc-editor.org/errata_search.php?eid=4522
+ // See https://httpwg.org/http-core/draft-ietf-httpbis-semantics-latest.html#field.connection
+ authReq.Header.Del("Trailer")
 authReq.Header.Del("Upgrade")
 // Also forward the Host header, which is excluded from the Header map by the http library.
@@ -290,6 +295,18 @@ func (api *API) doRequestWithoutRedirects(authReq *http.Request) (*http.Response
 return signingTripper.RoundTrip(authReq)
 }
+// removeConnectionHeaders removes hop-by-hop headers listed in the "Connection" header of h.
+// See https://tools.ietf.org/html/rfc7230#section-6.1
+func removeConnectionHeaders(h http.Header) {
+ for _, f := range h["Connection"] {
+ for _, sf := range strings.Split(f, ",") {
+ if sf = textproto.TrimString(sf); sf != "" {
+ h.Del(sf)
+ }
+ }
+ }
+}
+
 func copyAuthHeader(httpResponse *http.Response, w http.ResponseWriter) {
 // Negotiate authentication (Kerberos) may need to return a WWW-Authenticate
 // header to the client even in case of success as per RFC4559. |
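Review bot: The added call `removeConnectionHeaders(authReq.Header)` in newRequest has no comment explaining why it sits at this point, and its position is load-bearing. It has to run while the `Connection` header is still present, and before any header Workhorse assigns itself further down; the function continues outside this hunk, so those later lines are not visible here. I would put `// Drop headers the client named in Connection first; headers set below must not be removable by the client.` above the call. Since the helper deletes in place, it is also worth confirming that authReq.Header is a copy of r.Header and not the same map, which I cannot tell from this hunk.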
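Review bot: The second comment line added above `authReq.Header.Del("Trailer")` links to the `draft-ietf-httpbis-semantics-latest` page, a moving target whose anchor can change or disappear. The helper added in this same commit cites RFC 7230 section 6.1, so the two references for the same rule are inconsistent. I would collapse both comment lines into `// "Trailer", not "Trailers" (RFC 2616 errata 4522); see RFC 7230 section 6.1.` so the reference stays stable. The surrounding list of Del calls starts outside this hunk.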
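Review bot: The doc comment on removeConnectionHeaders does not say that the Connection value is supplied by the client, which means the set of header names deleted from h is chosen by the client. That is correct per RFC 7230, but callers need to know that any header the pre-authorization request depends on must be set after this call; I would add `// The Connection value is client-supplied: set any header the caller relies on after this call.` to the comment. The logic appears to mirror the unexported helper in net/http/httputil, and saying so in the comment would help future maintainers keep the two in step. The diffstat shown is limited to api.go, so I cannot see whether tests were added; the cases worth pinning are several Connection header lines, whitespace around tokens, and empty tokens between commas.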