@@ -10,6 +10,7 @@ import (
1010 "fmt"
1111 "net/http"
1212 "net/http/httputil"
13+ "net/textproto"
1314 "strings"
1415 "time"
1516
@@ -18,6 +19,7 @@ import (
1819 "github.com/gorilla/handlers"
1920 "github.com/gorilla/mux"
2021 "github.com/pkg/errors"
22+ "golang.org/x/net/http/httpguts"
2123 "k8s.io/apimachinery/pkg/labels"
2224 "k8s.io/apimachinery/pkg/util/sets"
2325 "k8s.io/apiserver/pkg/authentication/serviceaccount"
@@ -178,6 +180,9 @@ func (n kubeFilter) impersonateHandler(writer http.ResponseWriter, request *http
178180 if len (n .bearerToken ) > 0 {
179181 request .Header .Set ("Authorization" , fmt .Sprintf ("Bearer %s" , n .bearerToken ))
180182 }
183+ // Dropping malicious header connection
184+ // https://github.com/clastix/capsule-proxy/issues/188
185+ n .removingHopByHopHeaders (request )
181186
182187 request .Header .Add ("Impersonate-User" , username )
183188
@@ -355,3 +360,28 @@ func (n kubeFilter) getProxyTenantsForOwnerKind(ownerKind capsulev1beta1.OwnerKi
355360
356361 return
357362}
363+
364+ func (n * kubeFilter ) removingHopByHopHeaders (request * http.Request ) {
365+ connectionHeaderName , upgradeHeaderName , requestUpgradeType := "connection" , "upgrade" , ""
366+
367+ if httpguts .HeaderValuesContainsToken (request .Header [connectionHeaderName ], upgradeHeaderName ) {
368+ requestUpgradeType = request .Header .Get (upgradeHeaderName )
369+ }
370+ // Removing connection headers
371+ for _ , f := range request .Header .Values (connectionHeaderName ) {
372+ for _ , sf := range strings .Split (f , "," ) {
373+ if sf = textproto .TrimString (sf ); sf != "" {
374+ request .Header .Del (sf )
375+ }
376+ }
377+ }
378+
379+ if requestUpgradeType != "" {
380+ request .Header .Set (connectionHeaderName , upgradeHeaderName )
381+ request .Header .Set (upgradeHeaderName , requestUpgradeType )
382+
383+ return
384+ }
385+
386+ request .Header .Del (connectionHeaderName )
387+ }
0 commit comments