f42d0b9beb
* "Release: Updated versions in package to 8.3.5" * [v8.3.x] Fix for CVE-2022-21702 (#225) Fix for CVE-2022-21702 * Update yarn.lock for 8.3.5 * resolve conflicts (cherry picked from commit bb38cfcba4b4f824060ff385d858c63f50b72d74) * csrf checks for v8.3.5 (#234) * Fix lint * Cherry pick e2e test server changes Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com>
51 lines
1.3 KiB
Go
51 lines
1.3 KiB
Go
package proxyutil
|
|
|
|
import (
|
|
"net"
|
|
"net/http"
|
|
)
|
|
|
|
// PrepareProxyRequest prepares a request for being proxied.
|
|
// Removes X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers.
|
|
// Set X-Forwarded-For headers.
|
|
func PrepareProxyRequest(req *http.Request) {
|
|
req.Header.Del("X-Forwarded-Host")
|
|
req.Header.Del("X-Forwarded-Port")
|
|
req.Header.Del("X-Forwarded-Proto")
|
|
|
|
if req.RemoteAddr != "" {
|
|
remoteAddr, _, err := net.SplitHostPort(req.RemoteAddr)
|
|
if err != nil {
|
|
remoteAddr = req.RemoteAddr
|
|
}
|
|
if req.Header.Get("X-Forwarded-For") != "" {
|
|
req.Header.Set("X-Forwarded-For", req.Header.Get("X-Forwarded-For")+", "+remoteAddr)
|
|
} else {
|
|
req.Header.Set("X-Forwarded-For", remoteAddr)
|
|
}
|
|
}
|
|
}
|
|
|
|
// ClearCookieHeader clear cookie header, except for cookies specified to be kept.
|
|
func ClearCookieHeader(req *http.Request, keepCookiesNames []string) {
|
|
var keepCookies []*http.Cookie
|
|
for _, c := range req.Cookies() {
|
|
for _, v := range keepCookiesNames {
|
|
if c.Name == v {
|
|
keepCookies = append(keepCookies, c)
|
|
}
|
|
}
|
|
}
|
|
|
|
req.Header.Del("Cookie")
|
|
for _, c := range keepCookies {
|
|
req.AddCookie(c)
|
|
}
|
|
}
|
|
|
|
// SetProxyResponseHeaders sets proxy response headers.
|
|
// Sets Content-Security-Policy: sandbox
|
|
func SetProxyResponseHeaders(header http.Header) {
|
|
header.Set("Content-Security-Policy", "sandbox")
|
|
}
|