diff --git a/CHANGELOG.md b/CHANGELOG.md index f26f6a1ef..6c5b490d1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +## [v2.2.8](https://github.com/containous/traefik/tree/v2.2.8) (2020-07-28) +[All Commits](https://github.com/containous/traefik/compare/v2.2.7...v2.2.8) + +**Bug fixes:** +- **[webui]** fix: clean X-Forwarded-Prefix header for the dashboard. ([#7109](https://github.com/containous/traefik/pull/7109) by [ldez](https://github.com/ldez)) + +**Documentation:** +- **[docker]** spelling(docs/content/routing/providers/docker.md) ([#7101](https://github.com/containous/traefik/pull/7101) by [szczot3k](https://github.com/szczot3k)) +- **[k8s]** doc: add name of used key for kubernetes client auth ([#7068](https://github.com/containous/traefik/pull/7068) by [smueller18](https://github.com/smueller18)) + ## [v2.2.7](https://github.com/containous/traefik/tree/v2.2.7) (2020-07-20) [All Commits](https://github.com/containous/traefik/compare/v2.2.6...v2.2.7) diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index 40d0585b4..9b1023386 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -428,6 +428,7 @@ metadata: spec: clientAuth: + # the CA certificate is extracted from key `tls.ca` of the given secrets. secretNames: - secretCA clientAuthType: RequireAndVerifyClientCert diff --git a/docs/content/routing/providers/docker.md b/docs/content/routing/providers/docker.md index e19aafaa5..99128c188 100644 --- a/docs/content/routing/providers/docker.md +++ b/docs/content/routing/providers/docker.md @@ -535,7 +535,7 @@ You can declare UDP Routers and/or Services using labels. my-container: # ... labels: - - "traefik.udp.routers.my-router.entrypoint=udp" + - "traefik.udp.routers.my-router.entrypoints=udp" - "traefik.udp.services.my-service.loadbalancer.server.port=4123" ``` diff --git a/pkg/api/dashboard.go b/pkg/api/dashboard.go index e71252e48..b3168de8e 100644 --- a/pkg/api/dashboard.go +++ b/pkg/api/dashboard.go 
@@ -2,6 +2,7 @@ package api
 import (
 "net/http"
+ "net/url"
 "github.com/containous/traefik/v2/pkg/log"
 assetfs "github.com/elazarl/go-bindata-assetfs"
@@ -23,11 +24,29 @@ func (g DashboardHandler) Append(router *mux.Router) {
 // Expose dashboard
 router.Methods(http.MethodGet).
 Path("/").
- HandlerFunc(func(response http.ResponseWriter, request *http.Request) {
- http.Redirect(response, request, request.Header.Get("X-Forwarded-Prefix")+"/dashboard/", http.StatusFound)
+ HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
+ http.Redirect(resp, req, safePrefix(req)+"/dashboard/", http.StatusFound)
 })
 router.Methods(http.MethodGet).
 PathPrefix("/dashboard/").
 Handler(http.StripPrefix("/dashboard/", http.FileServer(g.Assets)))
 }
+
+func safePrefix(req *http.Request) string {
+ prefix := req.Header.Get("X-Forwarded-Prefix")
+ if prefix == "" {
+ return ""
+ }
+
+ parse, err := url.Parse(prefix)
+ if err != nil {
+ return ""
+ }
+
+ if parse.Host != "" {
+ return ""
+ }
+
+ return parse.Path
+}
diff --git a/pkg/api/dashboard_test.go b/pkg/api/dashboard_test.go
new file mode 100644
index 000000000..c945a7000
--- /dev/null
+++ b/pkg/api/dashboard_test.go
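Review bot: `safePrefix` rejects a header value only when `url.Parse` reports a host, and then returns `parse.Path` without checking its shape. `Path` is the decoded form, so as far as I can tell a value whose decoded path begins with `//` or contains a backslash still has an empty `Host` here, yet once `"/dashboard/"` is appended a browser can read the `Location` as scheme-relative rather than local. I would accept only a single-slash-rooted path before the final return: `if p := parse.Path; !strings.HasPrefix(p, "/") || strings.HasPrefix(p, "//") || strings.Contains(p, "\\") { return "" }`, which needs `strings` added to the import block. That also drops the slash-less form, which `http.Redirect` resolves against the request path, so the "path without leading slash" expectation in `dashboard_test.go` would change with it. `Append` begins above this hunk; `safePrefix` is complete in it.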
@@ -0,0 +1,54 @@
+package api
+
+import (
+ "net/http"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+func Test_safePrefix(t *testing.T) {
+ testCases := []struct {
+ desc string
+ value string
+ expected string
+ }{
+ {
+ desc: "host",
+ value: "https://example.com",
+ expected: "",
+ },
+ {
+ desc: "host with path",
+ value: "https://example.com/foo/bar?test",
+ expected: "",
+ },
+ {
+ desc: "path",
+ value: "/foo/bar",
+ expected: "/foo/bar",
+ },
+ {
+ desc: "path without leading slash",
+ value: "foo/bar",
+ expected: "foo/bar",
+ },
+ }
+
+ for _, test := range testCases {
+ test := test
+ t.Run(test.desc, func(t *testing.T) {
+ t.Parallel()
+
+ req, err := http.NewRequest(http.MethodGet, "http://localhost", nil)
+ require.NoError(t, err)
+
+ req.Header.Set("X-Forwarded-Prefix", test.value)
+
+ prefix := safePrefix(req)
+
+ assert.Equal(t, test.expected, prefix)
+ })
+ }
+}
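Review bot: The table in `Test_safePrefix` has no row for an empty `X-Forwarded-Prefix` and none for a scheme-relative value, so the first early return and the host check on host-only input are not pinned by any case. Rows such as `{desc: "empty", value: "", expected: ""}` and `{desc: "scheme-relative", value: "//example.com/foo", expected: ""}` would cover them. The "path without leading slash" row fixes `foo/bar` as an accepted prefix; a short comment on that row, e.g. `// relative prefix is passed through; http.Redirect resolves it against the request path`, would make clear whether this is intended behaviour or just a record of what the function currently does.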