Diffstat (limited to 'vendor/k8s.io/apimachinery/pkg/util/httpstream')
4 files changed, 28 insertions, 19 deletions
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go
index 7c9b791d4..50d9a366f 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go
@@ -136,12 +136,12 @@ func Handshake(req *http.Request, w http.ResponseWriter, serverProtocols []strin
 negotiatedProtocol := negotiateProtocol(clientProtocols, serverProtocols)
 if len(negotiatedProtocol) == 0 {
- w.WriteHeader(http.StatusForbidden)
 for i := range serverProtocols {
 w.Header().Add(HeaderAcceptedProtocolVersions, serverProtocols[i])
 }
- fmt.Fprintf(w, "unable to upgrade: unable to negotiate protocol: client supports %v, server accepts %v", clientProtocols, serverProtocols)
- return "", fmt.Errorf("unable to upgrade: unable to negotiate protocol: client supports %v, server supports %v", clientProtocols, serverProtocols)
+ err := fmt.Errorf("unable to upgrade: unable to negotiate protocol: client supports %v, server accepts %v", clientProtocols, serverProtocols)
+ http.Error(w, err.Error(), http.StatusForbidden)
+ return "", err
 }
 w.Header().Add(HeaderProtocolVersion, negotiatedProtocol)
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go
index 3dc8e23ae..9d222faa8 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go
@@ -23,8 +23,8 @@ import (
 "time"
 "github.com/docker/spdystream"
- "github.com/golang/glog"
 "k8s.io/apimachinery/pkg/util/httpstream"
+ "k8s.io/klog"
 )
 // connection maintains state about a spdystream.Connection and its associated
@@ -128,7 +128,7 @@ func (c *connection) newSpdyStream(stream *spdystream.Stream) {
 err := c.newStreamHandler(stream, replySent)
 rejectStream := (err != nil)
 if rejectStream {
- glog.Warningf("Stream rejected: %v", err)
+ klog.Warningf("Stream rejected: %v", err)
 stream.Reset()
 return
 }
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
index d2d3ad8cb..2699597e7 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
@@ -19,6 +19,7 @@ package spdy
 import (
 "bufio"
 "bytes"
+ "context"
 "crypto/tls"
 "encoding/base64"
 "fmt"
@@ -66,6 +67,9 @@ type SpdyRoundTripper struct {
 // followRedirects indicates if the round tripper should examine responses for redirects and
 // follow them.
 followRedirects bool
+ // requireSameHostRedirects restricts redirect following to only follow redirects to the same host
+ // as the original request.
+ requireSameHostRedirects bool
 }
 var _ utilnet.TLSClientConfigHolder = &SpdyRoundTripper{}
@@ -74,14 +78,18 @@ var _ utilnet.Dialer = &SpdyRoundTripper{}
 // NewRoundTripper creates a new SpdyRoundTripper that will use
 // the specified tlsConfig.
-func NewRoundTripper(tlsConfig *tls.Config, followRedirects bool) httpstream.UpgradeRoundTripper {
- return NewSpdyRoundTripper(tlsConfig, followRedirects)
+func NewRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) httpstream.UpgradeRoundTripper {
+ return NewSpdyRoundTripper(tlsConfig, followRedirects, requireSameHostRedirects)
 }
 // NewSpdyRoundTripper creates a new SpdyRoundTripper that will use
 // the specified tlsConfig. This function is mostly meant for unit tests.
-func NewSpdyRoundTripper(tlsConfig *tls.Config, followRedirects bool) *SpdyRoundTripper {
- return &SpdyRoundTripper{tlsConfig: tlsConfig, followRedirects: followRedirects}
+func NewSpdyRoundTripper(tlsConfig *tls.Config, followRedirects, requireSameHostRedirects bool) *SpdyRoundTripper {
+ return &SpdyRoundTripper{
+ tlsConfig: tlsConfig,
+ followRedirects: followRedirects,
+ requireSameHostRedirects: requireSameHostRedirects,
+ }
 }
 // TLSClientConfig implements pkg/util/net.TLSClientConfigHolder for proper TLS checking during
@@ -118,7 +126,7 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
 }
 if proxyURL == nil {
- return s.dialWithoutProxy(req.URL)
+ return s.dialWithoutProxy(req.Context(), req.URL)
 }
 // ensure we use a canonical host with proxyReq
@@ -136,7 +144,7 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
 proxyReq.Header.Set("Proxy-Authorization", pa)
 }
- proxyDialConn, err := s.dialWithoutProxy(proxyURL)
+ proxyDialConn, err := s.dialWithoutProxy(req.Context(), proxyURL)
 if err != nil {
 return nil, err
 }
@@ -187,14 +195,15 @@ func (s *SpdyRoundTripper) dial(req *http.Request) (net.Conn, error) {
 }
 // dialWithoutProxy dials the host specified by url, using TLS if appropriate.
-func (s *SpdyRoundTripper) dialWithoutProxy(url *url.URL) (net.Conn, error) {
+func (s *SpdyRoundTripper) dialWithoutProxy(ctx context.Context, url *url.URL) (net.Conn, error) {
 dialAddr := netutil.CanonicalAddr(url)
 if url.Scheme == "http" {
 if s.Dialer == nil {
- return net.Dial("tcp", dialAddr)
+ var d net.Dialer
+ return d.DialContext(ctx, "tcp", dialAddr)
 } else {
- return s.Dialer.Dial("tcp", dialAddr)
+ return s.Dialer.DialContext(ctx, "tcp", dialAddr)
 }
 }
@@ -255,7 +264,7 @@ func (s *SpdyRoundTripper) RoundTrip(req *http.Request) (*http.Response, error)
 )
 if s.followRedirects {
- conn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, req.URL, header, req.Body, s)
+ conn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, req.URL, header, req.Body, s, s.requireSameHostRedirects)
 } else {
 clone := utilnet.CloneRequest(req)
 clone.Header = header
diff --git a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go
index 13353988f..045d214d2 100644
--- a/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go
+++ b/vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go
@@ -74,15 +74,15 @@ func (u responseUpgrader) UpgradeResponse(w http.ResponseWriter, req *http.Reque
 connectionHeader := strings.ToLower(req.Header.Get(httpstream.HeaderConnection))
 upgradeHeader := strings.ToLower(req.Header.Get(httpstream.HeaderUpgrade))
 if !strings.Contains(connectionHeader, strings.ToLower(httpstream.HeaderUpgrade)) || !strings.Contains(upgradeHeader, strings.ToLower(HeaderSpdy31)) {
- w.WriteHeader(http.StatusBadRequest)
- fmt.Fprintf(w, "unable to upgrade: missing upgrade headers in request: %#v", req.Header)
+ errorMsg := fmt.Sprintf("unable to upgrade: missing upgrade headers in request: %#v", req.Header)
+ http.Error(w, errorMsg, http.StatusBadRequest)
 return nil
 }
 hijacker, ok := w.(http.Hijacker)
 if !ok {
- w.WriteHeader(http.StatusInternalServerError)
- fmt.Fprintf(w, "unable to upgrade: unable to hijack response")
+ errorMsg := fmt.Sprintf("unable to upgrade: unable to hijack response")
+ http.Error(w, errorMsg, http.StatusInternalServerError)
 return nil
 }
|