browser: Add user-agent header filter to gorilla mux route (#8040)

When a peer client with a higher version sends a request to a peer
server with a lower version, the returned status code is 200 OK instead
of 405. The reason is that the peer client's request reaches the
browser handler, which registers itself on the '/minio' route without
any other constraints. This change adds filtering by the User-Agent
header to the browser route so that internal requests to old endpoint
versions return a 405 error code.
master
Anis Elleuch 5 years ago committed by Harshavardhana
parent af36c92cab
commit cea3e3f7a6
  1. 1
      cmd/test-utils_test.go
  2. 7
      cmd/web-handlers_test.go
  3. 2
      cmd/web-router.go

@ -1232,6 +1232,7 @@ func newWebRPCRequest(methodRPC, authorization string, body io.ReadSeeker) (*htt
if err != nil { if err != nil {
return nil, err return nil, err
} }
req.Header.Set("User-Agent", "Mozilla")
req.Header.Set("Content-Type", "application/json") req.Header.Set("Content-Type", "application/json")
if authorization != "" { if authorization != "" {
req.Header.Set("Authorization", "Bearer "+authorization) req.Header.Set("Authorization", "Bearer "+authorization)

@ -831,6 +831,7 @@ func testUploadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler
req.Header.Set("x-amz-date", "20160814T114029Z") req.Header.Set("x-amz-date", "20160814T114029Z")
req.Header.Set("Accept", "*/*") req.Header.Set("Accept", "*/*")
req.Header.Set("User-Agent", "Mozilla")
req.Body = ioutil.NopCloser(bytes.NewReader(content)) req.Body = ioutil.NopCloser(bytes.NewReader(content))
@ -937,6 +938,8 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl
t.Fatalf("Cannot create upload request, %v", err) t.Fatalf("Cannot create upload request, %v", err)
} }
req.Header.Set("User-Agent", "Mozilla")
apiRouter.ServeHTTP(rec, req) apiRouter.ServeHTTP(rec, req)
return rec.Code, rec.Body.Bytes() return rec.Code, rec.Body.Bytes()
} }
@ -1081,6 +1084,8 @@ func testWebHandlerDownloadZip(obj ObjectLayer, instanceType string, t TestErrHa
t.Fatalf("Cannot create upload request, %v", err) t.Fatalf("Cannot create upload request, %v", err)
} }
req.Header.Set("User-Agent", "Mozilla")
apiRouter.ServeHTTP(rec, req) apiRouter.ServeHTTP(rec, req)
return rec.Code, rec.Body.Bytes() return rec.Code, rec.Body.Bytes()
} }
@ -1515,6 +1520,7 @@ func TestWebCheckAuthorization(t *testing.T) {
if err != nil { if err != nil {
t.Fatalf("Cannot create upload request, %v", err) t.Fatalf("Cannot create upload request, %v", err)
} }
req.Header.Set("User-Agent", "Mozilla")
apiRouter.ServeHTTP(rec, req) apiRouter.ServeHTTP(rec, req)
if rec.Code != http.StatusForbidden { if rec.Code != http.StatusForbidden {
t.Fatalf("Expected the response status to be 403, but instead found `%d`", rec.Code) t.Fatalf("Expected the response status to be 403, but instead found `%d`", rec.Code)
@ -1529,6 +1535,7 @@ func TestWebCheckAuthorization(t *testing.T) {
content := []byte("temporary file's content") content := []byte("temporary file's content")
req, err = http.NewRequest("PUT", "/minio/upload/bucket/object", nil) req, err = http.NewRequest("PUT", "/minio/upload/bucket/object", nil)
req.Header.Set("Authorization", "Bearer foo-authorization") req.Header.Set("Authorization", "Bearer foo-authorization")
req.Header.Set("User-Agent", "Mozilla")
req.Header.Set("Content-Length", strconv.Itoa(len(content))) req.Header.Set("Content-Length", strconv.Itoa(len(content)))
req.Header.Set("x-amz-date", "20160814T114029Z") req.Header.Set("x-amz-date", "20160814T114029Z")
req.Header.Set("Accept", "*/*") req.Header.Set("Accept", "*/*")
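Review bot: None of the additions in this file exercises the new route constraint; each one only sets `User-Agent: Mozilla` on requests that already existed, so that they keep reaching the browser handlers. A regression test for the behaviour the commit describes is missing: a request to a `/minio/...` path without a Mozilla User-Agent should be asserted to return 405 rather than 200. It would also help to put the literal `"Mozilla"` behind one shared test constant, so the tests follow the matcher in cmd/web-router.go if it ever changes. The test functions touched here start and end outside the hunks.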

@ -70,7 +70,7 @@ func registerWebRouter(router *mux.Router) error {
codec := json2.NewCodec() codec := json2.NewCodec()
// MinIO browser router. // MinIO browser router.
webBrowserRouter := router.PathPrefix(minioReservedBucketPath).Subrouter() webBrowserRouter := router.PathPrefix(minioReservedBucketPath).HeadersRegexp("User-Agent", ".*Mozilla.*").Subrouter()
// Initialize json rpc handlers. // Initialize json rpc handlers.
webRPC := jsonrpc.NewServer() webRPC := jsonrpc.NewServer()
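Review bot: The `HeadersRegexp("User-Agent", ".*Mozilla.*")` matcher on `webBrowserRouter` needs a comment saying that it is a routing disambiguator and not an access control, since User-Agent is set by the client and any caller can send a value containing `Mozilla`. Something like `// User-Agent match only keeps internal peer requests off the browser routes; the header is client-controlled, so authentication in the web handlers remains the access check.` above the line would keep later code from treating these routes as browser-only. The matcher also turns away legitimate callers of the browser endpoints whose User-Agent lacks `Mozilla` (scripts, command-line tools); that looks like an intended trade-off but is worth stating in the comment or the release notes. registerWebRouter continues beyond the hunk, so how unmatched requests end up with 405 is not visible here.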
