Allow multiple secure middlewares to operate independently

2020-07-01 01:42:04 -07:00 · 2020-07-01 01:42:04 -07:00 · 73513f8371
commit 73513f8371
parent cb1d0441e9
7 changed files with 99 additions and 11 deletions
--- a/pkg/middlewares/headers/headers.go
+++ b/pkg/middlewares/headers/headers.go
@ -55,7 +55,7 @@ func New(ctx context.Context, next http.Handler, cfg dynamic.Headers, name strin

 	if hasSecureHeaders {
 		logger.Debug("Setting up secureHeaders from %v", cfg)
-		handler = newSecure(next, cfg)
+		handler = newSecure(next, cfg, name)
 		nextHandler = handler
 	}

@ -84,7 +84,7 @@ type secureHeader struct {
 }

 // newSecure constructs a new secure instance with supplied options.
-func newSecure(next http.Handler, cfg dynamic.Headers) *secureHeader {
+func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secureHeader {
 	opt := secure.Options{
 		BrowserXssFilter:        cfg.BrowserXSSFilter,
 		ContentTypeNosniff:      cfg.ContentTypeNosniff,
@ -107,6 +107,7 @@ func newSecure(next http.Handler, cfg dynamic.Headers) *secureHeader {
 		SSLProxyHeaders:         cfg.SSLProxyHeaders,
 		STSSeconds:              cfg.STSSeconds,
 		FeaturePolicy:           cfg.FeaturePolicy,
+		SecureContextKey:        contextKey,
 	}

 	return &secureHeader{
--- a/pkg/middlewares/headers/headers_test.go
+++ b/pkg/middlewares/headers/headers_test.go
@ -167,7 +167,9 @@ func TestSSLForceHost(t *testing.T) {
 				SSLRedirect:  true,
 				SSLForceHost: true,
 				SSLHost:      "powpow.example.com",
-			}),
+			},
+				"mymiddleware",
+			),
 			expected: http.StatusMovedPermanently,
 		},
 		{
@ -177,7 +179,9 @@ func TestSSLForceHost(t *testing.T) {
 				SSLRedirect:  true,
 				SSLForceHost: true,
 				SSLHost:      "powpow.example.com",
-			}),
+			},
+				"mymiddleware",
+			),
 			expected: http.StatusMovedPermanently,
 		},
 		{
@ -187,7 +191,9 @@ func TestSSLForceHost(t *testing.T) {
 				SSLRedirect:  true,
 				SSLForceHost: true,
 				SSLHost:      "powpow.example.com",
-			}),
+			},
+				"mymiddleware",
+			),
 			expected: http.StatusOK,
 		},
 		{
@ -197,7 +203,9 @@ func TestSSLForceHost(t *testing.T) {
 				SSLRedirect:  true,
 				SSLForceHost: true,
 				SSLHost:      "powpow.example.com",
-			}),
+			},
+				"mymiddleware",
+			),
 			expected: http.StatusMovedPermanently,
 		},
 		{
@ -207,7 +215,9 @@ func TestSSLForceHost(t *testing.T) {
 				SSLRedirect:  true,
 				SSLForceHost: false,
 				SSLHost:      "powpow.example.com",
-			}),
+			},
+				"mymiddleware",
+			),
 			expected: http.StatusMovedPermanently,
 		},
 		{
@ -217,7 +227,9 @@ func TestSSLForceHost(t *testing.T) {
 				SSLRedirect:  true,
 				SSLForceHost: false,
 				SSLHost:      "powpow.example.com",
-			}),
+			},
+				"mymiddleware",
+			),
 			expected: http.StatusOK,
 		},
 	}
--- a/pkg/responsemodifiers/headers.go
+++ b/pkg/responsemodifiers/headers.go
@ -8,7 +8,7 @@ import (
 	"github.com/unrolled/secure"
 )

-func buildHeaders(hdrs *dynamic.Headers) func(*http.Response) error {
+func buildHeaders(hdrs *dynamic.Headers, contextKey string) func(*http.Response) error {
 	opt := secure.Options{
 		BrowserXssFilter:        hdrs.BrowserXSSFilter,
 		ContentTypeNosniff:      hdrs.ContentTypeNosniff,
@ -31,6 +31,7 @@ func buildHeaders(hdrs *dynamic.Headers) func(*http.Response) error {
 		SSLProxyHeaders:         hdrs.SSLProxyHeaders,
 		STSSeconds:              hdrs.STSSeconds,
 		FeaturePolicy:           hdrs.FeaturePolicy,
+		SecureContextKey:        contextKey,
 	}

 	return func(resp *http.Response) error {
--- a/pkg/responsemodifiers/response_modifier.go
+++ b/pkg/responsemodifiers/response_modifier.go
@ -36,7 +36,7 @@ func (f *Builder) Build(ctx context.Context, names []string) func(*http.Response
 		if conf.Headers != nil {
 			getLogger(ctx, middleName, "Headers").Debug("Creating Middleware (ResponseModifier)")

-			modifiers = append(modifiers, buildHeaders(conf.Headers))
+			modifiers = append(modifiers, buildHeaders(conf.Headers, middleName))
 		} else if conf.Chain != nil {
 			chainCtx := provider.AddInContext(ctx, middleName)
 			getLogger(chainCtx, middleName, "Chain").Debug("Creating Middleware (ResponseModifier)")
--- a/pkg/responsemodifiers/response_modifier_test.go
+++ b/pkg/responsemodifiers/response_modifier_test.go
@ -62,7 +62,7 @@ func TestBuilderBuild(t *testing.T) {
 				})

 				headerM := *middlewares["foo"].Headers
-				handler, err := headers.New(ctx, next, headerM, "secure")
+				handler, err := headers.New(ctx, next, headerM, "foo")
 				require.NoError(t, err)

 				handler.ServeHTTP(httptest.NewRecorder(),