diff options
Diffstat (limited to 'vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go')
| -rw-r--r-- | vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go index d2d3ad8cb..2699597e7 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go +++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go @@ -19,6 +19,7 @@ package spdy import ( "bufio" "bytes" + "context" "crypto/tls" "encoding/base64" "fmt" @@ -66,6 +67,9 @@ type SpdyRoundTripper struct { // followRedirects indicates if the round tripper should examine responses for redirects and // follow them. followRedirects bool + // requireSameHostRedirects restricts redirect following to only follow redirects to the same host + // as the original request. + requireSameHostRedirects bool } var _ utilnet.TLSClientConfigHolder = &SpdyRoundTripper{} @@ -74,14 +78,18 @@ var _ utilnet.Dialer = &SpdyRoundTripper{} // NewRoundTripper creates a new SpdyRoundTripper that will use // the specified tlsConfig. -func NewRoundTripper(tlsConfig *tls.Config, followRedirects bool) httpstream.UpgradeRoundTripper { - return NewSpdyRoundTripper(tlsConfig, followRedirects) +func NewRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) httpstream.UpgradeRoundTripper { + return NewSpdyRoundTripper(tlsConfig, followRedirects, requireSameHostRedirects) } // NewSpdyRoundTripper creates a new SpdyRoundTripper that will use // the specified tlsConfig. This function is mostly meant for unit tests. -func NewSpdyRoundTripper(tlsConfig *tls.Config, followRedirects bool) *SpdyRoundTripper { - return &SpdyRoundTripper{tlsConfig: tlsConfig, followRedirects: followRedirects} +func NewSpdyRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) *SpdyRoundTripper { + return &SpdyRoundTripper{ + tlsConfig: tlsConfig, + followRedirects: followRedirects, + requireSameHostRedirects: requireSameHostRedirects, + } } // TLSClientConfig implements pkg/util/net.TLSClientConfigHolder for proper TLS checking during @@ -118,7 +126,7 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) { } if proxyURL == nil { - return s.dialWithoutProxy(req.URL) + return s.dialWithoutProxy(req.Context(), req.URL) } // ensure we use a canonical host with proxyReq @@ -136,7 +144,7 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) { proxyReq.Header.Set("Proxy-Authorization", pa) } - proxyDialConn, err := s.dialWithoutProxy(proxyURL) + proxyDialConn, err := s.dialWithoutProxy(req.Context(), proxyURL) if err != nil { return nil, err } @@ -187,14 +195,15 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) { } // dialWithoutProxy dials the host specified by url, using TLS if appropriate. -func (s *SpdyRoundTripper) dialWithoutProxy(url *url.URL) (net.Conn, error) { +func (s *SpdyRoundTripper) dialWithoutProxy(ctx context.Context, url *url.URL) (net.Conn, error) { dialAddr := netutil.CanonicalAddr(url) if url.Scheme == "http" { if s.Dialer == nil { - return net.Dial("tcp", dialAddr) + var d net.Dialer + return d.DialContext(ctx, "tcp", dialAddr) } else { - return s.Dialer.Dial("tcp", dialAddr) + return s.Dialer.DialContext(ctx, "tcp", dialAddr) } } @@ -255,7 +264,7 @@ func (s *SpdyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) ) if s.followRedirects { - conn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, req.URL, header, req.Body, s) + conn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, req.URL, header, req.Body, s, s.requireSameHostRedirects) } else { clone := utilnet.CloneRequest(req) clone.Header = header |