Remove deprecated options
This commit is contained in:
parent
bee86b5ac7
commit
a3e4c85ec0
62 changed files with 43 additions and 985 deletions
|
@ -1,16 +1,13 @@
|
|||
package headers
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||
"github.com/traefik/traefik/v2/pkg/logs"
|
||||
)
|
||||
|
||||
// Header is a middleware that helps setup a few basic security features.
|
||||
|
@ -29,10 +26,6 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) {
|
|||
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
||||
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
||||
|
||||
ctx := log.With().Str(logs.MiddlewareType, typeName).Logger().WithContext(context.Background())
|
||||
|
||||
handleDeprecation(ctx, &cfg)
|
||||
|
||||
regexes := make([]*regexp.Regexp, len(cfg.AccessControlAllowOriginListRegex))
|
||||
for i, str := range cfg.AccessControlAllowOriginListRegex {
|
||||
reg, err := regexp.Compile(str)
|
||||
|
|
|
@ -7,7 +7,6 @@ import (
|
|||
"net/http"
|
||||
|
||||
"github.com/opentracing/opentracing-go/ext"
|
||||
"github.com/rs/zerolog/log"
|
||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares"
|
||||
"github.com/traefik/traefik/v2/pkg/middlewares/connectionheader"
|
||||
|
@ -18,26 +17,6 @@ const (
|
|||
typeName = "Headers"
|
||||
)
|
||||
|
||||
func handleDeprecation(ctx context.Context, cfg *dynamic.Headers) {
|
||||
logger := log.Ctx(ctx).Warn()
|
||||
|
||||
if cfg.SSLRedirect {
|
||||
logger.Msg("SSLRedirect is deprecated, please use entrypoint redirection instead.")
|
||||
}
|
||||
if cfg.SSLTemporaryRedirect {
|
||||
logger.Msg("SSLTemporaryRedirect is deprecated, please use entrypoint redirection instead.")
|
||||
}
|
||||
if cfg.SSLHost != "" {
|
||||
logger.Msg("SSLHost is deprecated, please use RedirectRegex middleware instead.")
|
||||
}
|
||||
if cfg.SSLForceHost {
|
||||
logger.Msg("SSLForceHost is deprecated, please use RedirectScheme middleware instead.")
|
||||
}
|
||||
if cfg.FeaturePolicy != "" {
|
||||
logger.Msg("FeaturePolicy is deprecated, please use PermissionsPolicy header instead.")
|
||||
}
|
||||
}
|
||||
|
||||
type headers struct {
|
||||
name string
|
||||
handler http.Handler
|
||||
|
@ -49,10 +28,6 @@ func New(ctx context.Context, next http.Handler, cfg dynamic.Headers, name strin
|
|||
logger := middlewares.GetLogger(ctx, name, typeName)
|
||||
logger.Debug().Msg("Creating middleware")
|
||||
|
||||
mCtx := logger.WithContext(ctx)
|
||||
|
||||
handleDeprecation(mCtx, &cfg)
|
||||
|
||||
hasSecureHeaders := cfg.HasSecureHeadersDefined()
|
||||
hasCustomHeaders := cfg.HasCustomHeadersDefined()
|
||||
hasCorsHeaders := cfg.HasCorsHeadersDefined()
|
||||
|
|
|
@ -21,9 +21,6 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
|
|||
ForceSTSHeader: cfg.ForceSTSHeader,
|
||||
FrameDeny: cfg.FrameDeny,
|
||||
IsDevelopment: cfg.IsDevelopment,
|
||||
SSLRedirect: cfg.SSLRedirect,
|
||||
SSLForceHost: cfg.SSLForceHost,
|
||||
SSLTemporaryRedirect: cfg.SSLTemporaryRedirect,
|
||||
STSIncludeSubdomains: cfg.STSIncludeSubdomains,
|
||||
STSPreload: cfg.STSPreload,
|
||||
ContentSecurityPolicy: cfg.ContentSecurityPolicy,
|
||||
|
@ -31,12 +28,10 @@ func newSecure(next http.Handler, cfg dynamic.Headers, contextKey string) *secur
|
|||
CustomFrameOptionsValue: cfg.CustomFrameOptionsValue,
|
||||
PublicKey: cfg.PublicKey,
|
||||
ReferrerPolicy: cfg.ReferrerPolicy,
|
||||
SSLHost: cfg.SSLHost,
|
||||
AllowedHosts: cfg.AllowedHosts,
|
||||
HostsProxyHeaders: cfg.HostsProxyHeaders,
|
||||
SSLProxyHeaders: cfg.SSLProxyHeaders,
|
||||
STSSeconds: cfg.STSSeconds,
|
||||
FeaturePolicy: cfg.FeaturePolicy,
|
||||
PermissionsPolicy: cfg.PermissionsPolicy,
|
||||
SecureContextKey: contextKey,
|
||||
}
|
||||
|
|
|
@ -11,125 +11,12 @@ import (
|
|||
|
||||
// Middleware tests based on https://github.com/unrolled/secure
|
||||
|
||||
func Test_newSecure_sslForceHost(t *testing.T) {
|
||||
type expected struct {
|
||||
statusCode int
|
||||
location string
|
||||
}
|
||||
|
||||
testCases := []struct {
|
||||
desc string
|
||||
host string
|
||||
cfg dynamic.Headers
|
||||
expected
|
||||
}{
|
||||
{
|
||||
desc: "http should return a 301",
|
||||
host: "http://powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "http sub domain should return a 301",
|
||||
host: "http://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "https should return a 200",
|
||||
host: "https://powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{statusCode: http.StatusOK},
|
||||
},
|
||||
{
|
||||
desc: "https sub domain should return a 301",
|
||||
host: "https://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "http without force host and sub domain should return a 301",
|
||||
host: "http://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: false,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{
|
||||
statusCode: http.StatusMovedPermanently,
|
||||
location: "https://powpow.example.com",
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "https without force host and sub domain should return a 301",
|
||||
host: "https://www.powpow.example.com",
|
||||
cfg: dynamic.Headers{
|
||||
SSLRedirect: true,
|
||||
SSLForceHost: false,
|
||||
SSLHost: "powpow.example.com",
|
||||
},
|
||||
expected: expected{statusCode: http.StatusOK},
|
||||
},
|
||||
}
|
||||
|
||||
next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
|
||||
_, _ = rw.Write([]byte("OK"))
|
||||
})
|
||||
|
||||
for _, test := range testCases {
|
||||
t.Run(test.desc, func(t *testing.T) {
|
||||
mid := newSecure(next, test.cfg, "mymiddleware")
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, test.host, nil)
|
||||
|
||||
rw := httptest.NewRecorder()
|
||||
|
||||
mid.ServeHTTP(rw, req)
|
||||
|
||||
assert.Equal(t, test.expected.statusCode, rw.Result().StatusCode)
|
||||
assert.Equal(t, test.expected.location, rw.Header().Get("Location"))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func Test_newSecure_modifyResponse(t *testing.T) {
|
||||
testCases := []struct {
|
||||
desc string
|
||||
cfg dynamic.Headers
|
||||
expected http.Header
|
||||
}{
|
||||
{
|
||||
desc: "FeaturePolicy",
|
||||
cfg: dynamic.Headers{
|
||||
FeaturePolicy: "vibrate 'none';",
|
||||
},
|
||||
expected: http.Header{"Feature-Policy": []string{"vibrate 'none';"}},
|
||||
},
|
||||
{
|
||||
desc: "PermissionsPolicy",
|
||||
cfg: dynamic.Headers{
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue