[ARVADOS] updated: 2.1.0-741-gc736087b8
Git user
git at public.arvados.org
Thu Apr 29 20:11:58 UTC 2021
Summary of changes:
services/keep-web/handler.go | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
via c736087b86da2353965e5722a38cff5e7d891fd2 (commit)
from d48cff711af8255f3b2b69506b54a283c1aab776 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit c736087b86da2353965e5722a38cff5e7d891fd2
Author: Peter Amstutz <peter.amstutz at curii.com>
Date: Thu Apr 29 16:10:11 2021 -0400
17598: stripDefaultPort behavior, error message when !credentialsOK
Arvados-DCO-1.1-Signed-off-by: Peter Amstutz <peter.amstutz at curii.com>
diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 8d59a8a27..754aefe44 100644
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -185,12 +185,14 @@ var (
}
)
-func StripDefaultPort(host string) string {
+func stripDefaultPort(host string) string {
// Will consider port 80 and port 443 to be the same vhost. I think that's fine.
- if strings.HasSuffix(host, ":80") || strings.HasSuffix(host, ":443") {
- return host[0:strings.Index(host, ":")]
+ u := &url.URL{Host: host}
+ if p := u.Port(); p == "80" || p == "443" {
+ return u.Hostname()
+ } else {
+ return host
}
- return host
}
// ServeHTTP implements http.Handler.
@@ -251,7 +253,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
credentialsOK := h.Config.cluster.Collections.TrustAllContent
reasonNotAcceptingCredentials := ""
- if r.Host != "" && StripDefaultPort(r.Host) == StripDefaultPort(h.Config.cluster.Services.WebDAVDownload.ExternalURL.Host) {
+ if r.Host != "" && stripDefaultPort(r.Host) == stripDefaultPort(h.Config.cluster.Services.WebDAVDownload.ExternalURL.Host) {
credentialsOK = true
attachment = true
} else if r.FormValue("disposition") == "attachment" {
@@ -259,7 +261,8 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
}
if !credentialsOK {
- reasonNotAcceptingCredentials = fmt.Sprintf("Collections.TrustAllContent is false and provided virtual host '%s' did not match either Services.WebDAV or Services.WebDAVDownload", r.Host)
+ reasonNotAcceptingCredentials = fmt.Sprintf("vhost %q does not specify a single collection ID or match Services.WebDAVDownload.ExternalURL %q, and Collections.TrustAllContent is false",
+ r.Host, h.Config.cluster.Services.WebDAVDownload.ExternalURL)
}
if collectionID = parseCollectionIDFromDNSName(r.Host); collectionID != "" {
@@ -369,7 +372,7 @@ func (h *handler) ServeHTTP(wOrig http.ResponseWriter, r *http.Request) {
if tokens == nil {
if !credentialsOK {
- http.Error(w, fmt.Sprintf("Authorization tokens were not accepted because %v, and no anonymous user token is configured.", reasonNotAcceptingCredentials), http.StatusUnauthorized)
+ http.Error(w, fmt.Sprintf("Authorization tokens are not accepted here: %v, and no anonymous user token is configured.", reasonNotAcceptingCredentials), http.StatusUnauthorized)
} else {
http.Error(w, fmt.Sprintf("No authorization token in request, and no anonymous user token is configured."), http.StatusUnauthorized)
}
-----------------------------------------------------------------------
hooks/post-receive
--
More information about the arvados-commits
mailing list