Skip to content

slapos
slapos
Commit e21900ff authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak
Browse files
Options

caddy-frontend: Implemented disabled_cookie_list

parent 5eb76fa1
Hide whitespace changes
Inline Side-by-side
Showing with 19 additions and 15 deletions
software/caddy-frontend/TODO.rst
View file @ e21900ff
...@@ -13,11 +13,6 @@ Generally things to be done with ``caddy-frontend``: ...@@ -13,11 +13,6 @@ Generally things to be done with ``caddy-frontend``:
* **Jérome Perrin**: *For event source, if I understand https://github.com/mholt/caddy/issues/1355 correctly, we could use caddy as a proxy in front of nginx-push-stream . If we have a "central shared" caddy instance, can it handle keeping connections opens for many clients ?* * **Jérome Perrin**: *For event source, if I understand https://github.com/mholt/caddy/issues/1355 correctly, we could use caddy as a proxy in front of nginx-push-stream . If we have a "central shared" caddy instance, can it handle keeping connections opens for many clients ?*
* ``ssl_ca_crt`` * ``ssl_ca_crt``
* ``disabled-cookie-list`` (requires writing middleware plugin for Caddy)::
RequestHeader edit Cookie "(^%(disabled_cookie)s=[^;]*; |; %(disabled_cookie)s=[^;]*|^%(disabled_cookie)s=[^;]*$)" ""' % dict(disabled_cookie=disabled_cookie) }}
* there is already `MR <https://github.com/mholt/caddy/pull/2144>`_ which will allow regexp modification of headers, thus cookies
* ``ssl_proxy_ca_crt`` for ``ssl_proxy_verify``, this is related to bug `#1550 <https://github.com/mholt/caddy/issues/1550>`_, proposed solution `just adding your CA to the system's trust store` * ``ssl_proxy_ca_crt`` for ``ssl_proxy_verify``, this is related to bug `#1550 <https://github.com/mholt/caddy/issues/1550>`_, proposed solution `just adding your CA to the system's trust store`
* ``check-error-on-caddy-log`` like ``check-error-on-apache-log`` * ``check-error-on-caddy-log`` like ``check-error-on-apache-log``
* cover test suite like resilient tests for KVM and prove it works the same way as Caddy * cover test suite like resilient tests for KVM and prove it works the same way as Caddy
......
software/caddy-frontend/buildout.hash.cfg
View file @ e21900ff
...@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b ...@@ -58,7 +58,7 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
[template-default-slave-virtualhost] [template-default-slave-virtualhost]
filename = templates/default-virtualhost.conf.in filename = templates/default-virtualhost.conf.in
md5sum = 8ed87061b9e20e2ad74aae9f80d1b53d md5sum = d9269cc085752e09f4acce37a18e160c
[template-cached-slave-virtualhost] [template-cached-slave-virtualhost]
filename = templates/cached-virtualhost.conf.in filename = templates/cached-virtualhost.conf.in
......
software/caddy-frontend/instance-slave-caddy-input-schema.json
View file @ e21900ff
...@@ -49,8 +49,8 @@ ...@@ -49,8 +49,8 @@
}, },
"disabled-cookie-list": { "disabled-cookie-list": {
"default": "", "default": "",
"description": "[NOT Implemented] List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers", "description": "List of Cookies separated by space that will not be sent to cache and backend servers. This is especially useful to discard analytics tracking cookies when using Vary: Cookie cache headers",
"title": "[NOT Implemented] Disabled Cookies", "title": "Disabled Cookies",
"type": "string" "type": "string"
}, },
"enable-http2": { "enable-http2": {
......
software/caddy-frontend/templates/default-virtualhost.conf.in
View file @ e21900ff
...@@ -45,9 +45,6 @@ ...@@ -45,9 +45,6 @@
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
{%- for disabled_cookie in disabled_cookie_list %}
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if prefer_gzip %} {%- if prefer_gzip %}
rewrite { rewrite {
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
...@@ -66,6 +63,10 @@ ...@@ -66,6 +63,10 @@
{%- endif %} {#- if proxy_name == 'prefer-gzip' #} {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{%- for disabled_cookie in disabled_cookie_list %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
...@@ -119,6 +120,10 @@ ...@@ -119,6 +120,10 @@
{%- endif %} {#- if proxy_name == 'prefer-gzip' #} {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{%- for disabled_cookie in disabled_cookie_list %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
...@@ -154,9 +159,6 @@ ...@@ -154,9 +159,6 @@
log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}" log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
errors {{ slave_parameter.get('error_log') }} errors {{ slave_parameter.get('error_log') }}
{%- for disabled_cookie in disabled_cookie_list %}
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if prefer_gzip %} {%- if prefer_gzip %}
rewrite { rewrite {
if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)" if {>Accept-Encoding} match "(^gzip,.*|.*, gzip,.*|.*, gzip$|^gzip$)"
...@@ -183,6 +185,10 @@ ...@@ -183,6 +185,10 @@
{%- endif %} {#- if proxy_name == 'prefer-gzip' #} {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{%- for disabled_cookie in disabled_cookie_list %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
...@@ -230,6 +236,10 @@ ...@@ -230,6 +236,10 @@
{%- endif %} {#- if proxy_name == 'prefer-gzip' #} {%- endif %} {#- if proxy_name == 'prefer-gzip' #}
# As backend is trusting REMOTE_USER header unset it always # As backend is trusting REMOTE_USER header unset it always
header_upstream -REMOTE_USER header_upstream -REMOTE_USER
{%- for disabled_cookie in disabled_cookie_list %}
# Remove cookie {{ disabled_cookie }} from client Cookies
header_upstream Cookie "(.*)(^{{ disabled_cookie }}=[^;]*; |; {{ disabled_cookie }}=[^;]*|^{{ disabled_cookie }}=[^;]*$)(.*)" "$1 $3"
{%- endfor %} {#- for disabled_cookie in disabled_cookie_list #}
{%- if disable_via_header %} {%- if disable_via_header %}
header_downstream -Via header_downstream -Via
......
software/caddy-frontend/test/test.py
View file @ e21900ff
...@@ -2191,7 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin): ...@@ -2191,7 +2191,6 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
self.assertEqual( self.assertEqual(
result.json()['Incoming Headers']['accept-encoding'], 'deflate') result.json()['Incoming Headers']['accept-encoding'], 'deflate')
@skipIf(IS_CADDY, 'Feature postponed')
def test_disabled_cookie_list(self): def test_disabled_cookie_list(self):
parameter_dict = self.slave_connection_parameter_dict_dict[ parameter_dict = self.slave_connection_parameter_dict_dict[
'disabled-cookie-list'] 'disabled-cookie-list']
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7