fix(authn): fix several issues with authn, closes #1632 (#1633)

- apply Access-Control-Allow-Credentials only if authn is enabled
- enable Logout route for basic auth
- fix Logout godoc
- fix Access-Control-Allow-Methods on Logout route
- add allowOrigin option in config example

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>
peusebiu
2023-07-19 19:27:04 +03:00
committed by GitHub
parent 04fccd11fd
commit 86a83ca6e3
12 changed files with 201 additions and 162 deletions
+8 -4
@@ -11,6 +11,7 @@ import (
"github.com/gorilla/sessions"
jsoniter "github.com/json-iterator/go"
"zotregistry.io/zot/pkg/api/config"
"zotregistry.io/zot/pkg/api/constants"
apiErr "zotregistry.io/zot/pkg/api/errors"
"zotregistry.io/zot/pkg/log"
@@ -30,14 +31,17 @@ func AddExtensionSecurityHeaders() mux.MiddlewareFunc { //nolint:varnamelen
}
}
func ACHeadersHandler(allowedMethods ...string) mux.MiddlewareFunc {
headerValue := strings.Join(allowedMethods, ",")
func ACHeadersHandler(config *config.Config, allowedMethods ...string) mux.MiddlewareFunc {
allowedMethodsValue := strings.Join(allowedMethods, ",")
return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
resp.Header().Set("Access-Control-Allow-Methods", headerValue)
resp.Header().Set("Access-Control-Allow-Methods", allowedMethodsValue)
resp.Header().Set("Access-Control-Allow-Headers", "Authorization,content-type,"+constants.SessionClientHeaderName)
resp.Header().Set("Access-Control-Allow-Credentials", "true")
if config.IsBasicAuthnEnabled() {
resp.Header().Set("Access-Control-Allow-Credentials", "true")
}
if req.Method == http.MethodOptions {
return