[arvados] updated: 2.6.0-278-g00c93619f

[git repository hosting]

Summary of changes:
 lib/controller/integration_test.go               | 12 ++++++++++++
 lib/controller/localdb/container_gateway.go      | 20 ++++++++++++++++++++
 lib/controller/localdb/container_gateway_test.go |  2 +-
 3 files changed, 33 insertions(+), 1 deletion(-)

       via  00c93619f7691c0828f5273bc457e2840dbdc084 (commit)
      from  c18d038b87786aee25da9aac751193219e316c3a (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 00c93619f7691c0828f5273bc457e2840dbdc084
Author: Tom Clegg <tom at curii.com>
Date:   Fri Jun 16 22:19:41 2023 -0400

    20647: Fix duplicate response headers via reverse proxy.
    
    Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom at curii.com>

diff --git a/lib/controller/integration_test.go b/lib/controller/integration_test.go
index 0557aa3fd..cd0e5f948 100644
--- a/lib/controller/integration_test.go
+++ b/lib/controller/integration_test.go
@@ -1240,6 +1240,17 @@ func (s *IntegrationSuite) runContainer(c *check.C, clusterID string, token stri
 		return cfs
 	}
 
+	checkwebdavlogs := func(cr arvados.ContainerRequest) {
+		req, err := http.NewRequest("OPTIONS", "https://"+ac.APIHost+"/arvados/v1/container_requests/"+cr.UUID+"/log/"+cr.ContainerUUID+"/", nil)
+		c.Assert(err, check.IsNil)
+		req.Header.Set("Origin", "http://example.example")
+		resp, err := ac.Do(req)
+		c.Assert(err, check.IsNil)
+		c.Check(resp.StatusCode, check.Equals, http.StatusOK)
+		// Check for duplicate headers -- must use Header[], not Header.Get()
+		c.Check(resp.Header["Access-Control-Allow-Origin"], check.DeepEquals, []string{"*"})
+	}
+
 	var ctr arvados.Container
 	var lastState arvados.ContainerState
 	deadline := time.Now().Add(time.Minute)
@@ -1274,5 +1285,6 @@ func (s *IntegrationSuite) runContainer(c *check.C, clusterID string, token stri
 		c.Assert(err, check.IsNil)
 	}
 	logcfs = showlogs(cr.LogUUID)
+	checkwebdavlogs(cr)
 	return outcoll, logcfs
 }
diff --git a/lib/controller/localdb/container_gateway.go b/lib/controller/localdb/container_gateway.go
index 9526c01f8..e42a44730 100644
--- a/lib/controller/localdb/container_gateway.go
+++ b/lib/controller/localdb/container_gateway.go
@@ -183,6 +183,15 @@ func (conn *Conn) ContainerRequestLog(ctx context.Context, opts arvados.Containe
 					// an attacker-in-the-middle.
 					return httpserver.ErrorWithStatus(errors.New("bad X-Arvados-Authorization-Response header"), http.StatusBadGateway)
 				}
+				resp.Header.Del("X-Arvados-Authorization-Response")
+				for hdr := range resp.Header {
+					// proxy.ServeHTTP adds each
+					// resp.Header to w.Header,
+					// which causes duplicate CORS
+					// and request-id headers,
+					// unless we do this.
+					w.Header().Del(hdr)
+				}
 				return nil
 			},
 			ErrorHandler: func(w http.ResponseWriter, r *http.Request, err error) {
@@ -273,6 +282,17 @@ func (conn *Conn) serveContainerRequestLogViaKeepWeb(opts arvados.ContainerLogOp
 				r.Header.Set("X-Webdav-Source", "/log for container "+opts.Path[1:28]+"/")
 			}
 		},
+		ModifyResponse: func(resp *http.Response) error {
+			for hdr := range resp.Header {
+				// proxy.ServeHTTP adds each
+				// resp.Header to w.Header, which
+				// causes duplicate CORS and
+				// request-id headers, unless we do
+				// this.
+				w.Header().Del(hdr)
+			}
+			return nil
+		},
 	}
 	if conn.cluster.TLS.Insecure {
 		proxy.Transport = &http.Transport{
diff --git a/lib/controller/localdb/container_gateway_test.go b/lib/controller/localdb/container_gateway_test.go
index f7310e8de..0c58a9192 100644
--- a/lib/controller/localdb/container_gateway_test.go
+++ b/lib/controller/localdb/container_gateway_test.go
@@ -458,7 +458,7 @@ func (s *ContainerGatewaySuite) testContainerRequestLog(c *check.C) {
 		resp := rec.Result()
 		c.Check(resp.StatusCode, check.Equals, trial.expectStatus)
 		for k := range trial.expectHeader {
-			c.Check(resp.Header.Get(k), check.Equals, trial.expectHeader.Get(k))
+			c.Check(resp.Header[k], check.DeepEquals, trial.expectHeader[k])
 		}
 		buf, err := ioutil.ReadAll(resp.Body)
 		c.Check(err, check.IsNil)

-----------------------------------------------------------------------


hooks/post-receive
--