opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-28 14:12:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

Plugins: CallResource: Use canonical MIME headers when writing response (#58506)

Browse Source 
* Plugins: CallResource: use canonical MIME headers when writing response

* Plugins: add tests for canonical mime headers and Set-Cookie filter

* Removed extra new line
This commit is contained in:
Giuseppe Guerra
2022-11-09 15:47:32 +01:00
committed by GitHub
parent 159607fe6f
commit 33f02839f0
2 changed files with 81 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
pkg/api/plugin_resource.go
View File

@ -7,6 +7,7 @@ import (
"fmt"
"io"
"net/http"
"net/textproto"
"net/url"
"sync"
@ -191,17 +192,22 @@ func (hs *HTTPServer) flushStream(stream callResourceClientResponseStream, w htt
}
// Expected that headers and status are only part of first stream
if processedStreams == 0 && resp.Headers != nil {
// Make sure a content type always is returned in response
if _, exists := resp.Headers["Content-Type"]; !exists && resp.Status != http.StatusNoContent {
resp.Headers["Content-Type"] = []string{"application/json"}
}
if processedStreams == 0 {
var hasContentType bool
for k, values := range resp.Headers {
// Due to security reasons we don't want to forward
// cookies from a backend plugin to clients/browsers.
if k == "Set-Cookie" {
// Convert the keys to the canonical format of MIME headers.
// This ensures that we can safely add/overwrite headers
// even if the plugin returns them in non-canonical format
// and be sure they won't be present multiple times in the response.
k = textproto.CanonicalMIMEHeaderKey(k)
switch k {
case "Set-Cookie":
// Due to security reasons we don't want to forward
// cookies from a backend plugin to clients/browsers.
continue
case "Content-Type":
hasContentType = true
}
for _, v := range values {
@ -211,6 +217,11 @@ func (hs *HTTPServer) flushStream(stream callResourceClientResponseStream, w htt
}
}
// Make sure a content type always is returned in response
if !hasContentType && resp.Status != http.StatusNoContent {
w.Header().Set("Content-Type", "application/json")
}
proxyutil.SetProxyResponseHeaders(w.Header())
w.WriteHeader(resp.Status)