From cea3e3f7a6ed36286e589e060a776ab7ed45868a Mon Sep 17 00:00:00 2001 From: Anis Elleuch Date: Tue, 13 Aug 2019 01:05:30 +0100 Subject: [PATCH] browser: Add user-agent header filter to gorilla mux route (#8040) When a peer client which higher version sends a request to a peer server with lower version, the returned status code is 200 OK instead of 405 code. The reason is that the peer client request reaches the browser handler, which registers itself by '/minio' route but without any other constraints. Adding filtering by user agent header to the browser route so internal requests to old endpoints versions return 405 error code. --- cmd/test-utils_test.go | 1 + cmd/web-handlers_test.go | 7 +++++++ cmd/web-router.go | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/cmd/test-utils_test.go b/cmd/test-utils_test.go index b9c8d6056..b6a0c7275 100644 --- a/cmd/test-utils_test.go +++ b/cmd/test-utils_test.go @@ -1232,6 +1232,7 @@ func newWebRPCRequest(methodRPC, authorization string, body io.ReadSeeker) (*htt if err != nil { return nil, err } + req.Header.Set("User-Agent", "Mozilla") req.Header.Set("Content-Type", "application/json") if authorization != "" { req.Header.Set("Authorization", "Bearer "+authorization) diff --git a/cmd/web-handlers_test.go b/cmd/web-handlers_test.go index aeecf18fb..ad0dd25c6 100644 --- a/cmd/web-handlers_test.go +++ b/cmd/web-handlers_test.go @@ -831,6 +831,7 @@ func testUploadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler req.Header.Set("x-amz-date", "20160814T114029Z") req.Header.Set("Accept", "*/*") + req.Header.Set("User-Agent", "Mozilla") req.Body = ioutil.NopCloser(bytes.NewReader(content)) @@ -937,6 +938,8 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl t.Fatalf("Cannot create upload request, %v", err) } + req.Header.Set("User-Agent", "Mozilla") + apiRouter.ServeHTTP(rec, req) return rec.Code, rec.Body.Bytes() } 
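Review bot: No test in this patch asserts the behaviour the commit is for, because every test change only adds `req.Header.Set("User-Agent", "Mozilla")` to requests that were already expected to reach the web handlers. This applies to newWebRPCRequest, testUploadWebHandler and testDownloadWebHandler here, and to testWebHandlerDownloadZip and TestWebCheckAuthorization further down. A negative case is missing: build a request to a `/minio/...` path without the header and check it is not served by the browser handlers, for example `if rec.Code == http.StatusOK { t.Fatalf("request without a browser User-Agent reached the web handler") }`. The exact status to expect depends on what else is registered on the test router, which these hunks do not show. All of the touched functions begin and end outside their hunks.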
@@ -1081,6 +1084,8 @@ func testWebHandlerDownloadZip(obj ObjectLayer, instanceType string, t TestErrHa t.Fatalf("Cannot create upload request, %v", err) } + req.Header.Set("User-Agent", "Mozilla") + apiRouter.ServeHTTP(rec, req) return rec.Code, rec.Body.Bytes() } @@ -1515,6 +1520,7 @@ func TestWebCheckAuthorization(t *testing.T) { if err != nil { t.Fatalf("Cannot create upload request, %v", err) } + req.Header.Set("User-Agent", "Mozilla") apiRouter.ServeHTTP(rec, req) if rec.Code != http.StatusForbidden { t.Fatalf("Expected the response status to be 403, but instead found `%d`", rec.Code) @@ -1529,6 +1535,7 @@ func TestWebCheckAuthorization(t *testing.T) { content := []byte("temporary file's content") req, err = http.NewRequest("PUT", "/minio/upload/bucket/object", nil) req.Header.Set("Authorization", "Bearer foo-authorization") + req.Header.Set("User-Agent", "Mozilla") req.Header.Set("Content-Length", strconv.Itoa(len(content))) req.Header.Set("x-amz-date", "20160814T114029Z") req.Header.Set("Accept", "*/*") diff --git a/cmd/web-router.go b/cmd/web-router.go index f717c8823..544840622 100644 --- a/cmd/web-router.go +++ b/cmd/web-router.go @@ -70,7 +70,7 @@ func registerWebRouter(router *mux.Router) error { codec := json2.NewCodec() // MinIO browser router. - webBrowserRouter := router.PathPrefix(minioReservedBucketPath).Subrouter() + webBrowserRouter := router.PathPrefix(minioReservedBucketPath).HeadersRegexp("User-Agent", ".*Mozilla.*").Subrouter() // Initialize json rpc handlers. webRPC := jsonrpc.NewServer()
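Review bot: The new `HeadersRegexp("User-Agent", ".*Mozilla.*")` matcher on `webBrowserRouter` in `registerWebRouter` routes on a header the caller sets freely, so it can only be a routing hint and the line should say so, for example `// User-Agent is client-controlled: this only keeps peer requests off the browser routes and is not an access check.` Any client that sends a User-Agent containing "Mozilla" still reaches every browser route, so authentication inside the web handlers (outside this hunk) remains the only gate. Conversely, non-browser clients that call `/minio/...` upload or download URLs without such a User-Agent will presumably stop matching this subrouter, which is worth confirming with those callers. The leading and trailing `.*` look redundant if the matcher does an unanchored regexp match, in which case `"Mozilla"` would be enough. The body of `registerWebRouter` continues past the hunk.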