Add SSLForceHost support.
This commit is contained in:
Ludovic Fernandez
Traefiker Bot
parent
dce65ab9c2
commit
b7d20496f3
37 changed files with 389 additions and 40 deletions
|
|
@ -3,7 +3,9 @@ package consulcatalog
|
|||
import (
|
||||
"testing"
|
||||
"text/template"
|
||||
"time"
|
||||
|
||||
"github.com/containous/flaeg"
|
||||
"github.com/containous/traefik/provider/label"
|
||||
"github.com/containous/traefik/types"
|
||||
"github.com/hashicorp/consul/api"
|
||||
|
|
@ -113,6 +115,266 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
desc: "when all labels are set",
|
||||
nodes: []catalogUpdate{
|
||||
{
|
||||
Service: &serviceUpdate{
|
||||
ServiceName: "test",
|
||||
Attributes: []string{
|
||||
label.TraefikBackend + "=foobar",
|
||||
|
||||
label.TraefikBackendCircuitBreakerExpression + "=NetworkErrorRatio() > 0.5",
|
||||
label.TraefikBackendHealthCheckPath + "=/health",
|
||||
label.TraefikBackendHealthCheckPort + "=880",
|
||||
label.TraefikBackendHealthCheckInterval + "=6",
|
||||
label.TraefikBackendHealthCheckHostname + "=foo.com",
|
||||
label.TraefikBackendHealthCheckHeaders + "=Foo:bar || Bar:foo",
|
||||
label.TraefikBackendLoadBalancerMethod + "=drr",
|
||||
label.TraefikBackendLoadBalancerSticky + "=true",
|
||||
label.TraefikBackendLoadBalancerStickiness + "=true",
|
||||
label.TraefikBackendLoadBalancerStickinessCookieName + "=chocolate",
|
||||
label.TraefikBackendMaxConnAmount + "=666",
|
||||
label.TraefikBackendMaxConnExtractorFunc + "=client.ip",
|
||||
label.TraefikBackendBufferingMaxResponseBodyBytes + "=10485760",
|
||||
label.TraefikBackendBufferingMemResponseBodyBytes + "=2097152",
|
||||
label.TraefikBackendBufferingMaxRequestBodyBytes + "=10485760",
|
||||
label.TraefikBackendBufferingMemRequestBodyBytes + "=2097152",
|
||||
label.TraefikBackendBufferingRetryExpression + "=IsNetworkError() && Attempts() <= 2",
|
||||
|
||||
label.TraefikFrontendAuthBasic + "=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||
label.TraefikFrontendEntryPoints + "=http,https",
|
||||
label.TraefikFrontendPassHostHeader + "=true",
|
||||
label.TraefikFrontendPassTLSCert + "=true",
|
||||
label.TraefikFrontendPriority + "=666",
|
||||
label.TraefikFrontendRedirectEntryPoint + "=https",
|
||||
label.TraefikFrontendRedirectRegex + "=nope",
|
||||
label.TraefikFrontendRedirectReplacement + "=nope",
|
||||
label.TraefikFrontendRedirectPermanent + "=true",
|
||||
label.TraefikFrontendRule + "=Host:traefik.io",
|
||||
label.TraefikFrontendWhiteListSourceRange + "=10.10.10.10",
|
||||
label.TraefikFrontendWhiteListUseXForwardedFor + "=true",
|
||||
|
||||
label.TraefikFrontendRequestHeaders + "=Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8",
|
||||
label.TraefikFrontendResponseHeaders + "=Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8",
|
||||
label.TraefikFrontendSSLProxyHeaders + "=Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8",
|
||||
label.TraefikFrontendAllowedHosts + "=foo,bar,bor",
|
||||
label.TraefikFrontendHostsProxyHeaders + "=foo,bar,bor",
|
||||
label.TraefikFrontendSSLHost + "=foo",
|
||||
label.TraefikFrontendCustomFrameOptionsValue + "=foo",
|
||||
label.TraefikFrontendContentSecurityPolicy + "=foo",
|
||||
label.TraefikFrontendPublicKey + "=foo",
|
||||
label.TraefikFrontendReferrerPolicy + "=foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue + "=foo",
|
||||
label.TraefikFrontendSTSSeconds + "=666",
|
||||
label.TraefikFrontendSSLForceHost + "=true",
|
||||
label.TraefikFrontendSSLRedirect + "=true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect + "=true",
|
||||
label.TraefikFrontendSTSIncludeSubdomains + "=true",
|
||||
label.TraefikFrontendSTSPreload + "=true",
|
||||
label.TraefikFrontendForceSTSHeader + "=true",
|
||||
label.TraefikFrontendFrameDeny + "=true",
|
||||
label.TraefikFrontendContentTypeNosniff + "=true",
|
||||
label.TraefikFrontendBrowserXSSFilter + "=true",
|
||||
label.TraefikFrontendIsDevelopment + "=true",
|
||||
|
||||
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageStatus + "=404",
|
||||
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageBackend + "=foobar",
|
||||
label.Prefix + label.BaseFrontendErrorPage + "foo." + label.SuffixErrorPageQuery + "=foo_query",
|
||||
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageStatus + "=500,600",
|
||||
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageBackend + "=foobar",
|
||||
label.Prefix + label.BaseFrontendErrorPage + "bar." + label.SuffixErrorPageQuery + "=bar_query",
|
||||
|
||||
label.TraefikFrontendRateLimitExtractorFunc + "=client.ip",
|
||||
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitPeriod + "=6",
|
||||
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitAverage + "=12",
|
||||
label.Prefix + label.BaseFrontendRateLimit + "foo." + label.SuffixRateLimitBurst + "=18",
|
||||
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitPeriod + "=3",
|
||||
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitAverage + "=6",
|
||||
label.Prefix + label.BaseFrontendRateLimit + "bar." + label.SuffixRateLimitBurst + "=9",
|
||||
},
|
||||
},
|
||||
Nodes: []*api.ServiceEntry{
|
||||
{
|
||||
Service: &api.AgentService{
|
||||
Service: "test",
|
||||
Address: "10.0.0.1",
|
||||
Port: 80,
|
||||
Tags: []string{
|
||||
label.TraefikProtocol + "=https",
|
||||
label.TraefikWeight + "=12",
|
||||
},
|
||||
},
|
||||
Node: &api.Node{
|
||||
Node: "localhost",
|
||||
Address: "127.0.0.1",
|
||||
},
|
||||
},
|
||||
{
|
||||
Service: &api.AgentService{
|
||||
Service: "test",
|
||||
Address: "10.0.0.2",
|
||||
Port: 80,
|
||||
Tags: []string{
|
||||
label.TraefikProtocol + "=https",
|
||||
label.TraefikWeight + "=12",
|
||||
},
|
||||
},
|
||||
Node: &api.Node{
|
||||
Node: "localhost",
|
||||
Address: "127.0.0.1",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedFrontends: map[string]*types.Frontend{
|
||||
"frontend-test": {
|
||||
EntryPoints: []string{
|
||||
"http",
|
||||
"https",
|
||||
},
|
||||
Backend: "backend-test",
|
||||
Routes: map[string]types.Route{
|
||||
"route-host-test": {
|
||||
Rule: "Host:traefik.io",
|
||||
},
|
||||
},
|
||||
PassHostHeader: true,
|
||||
PassTLSCert: true,
|
||||
Priority: 666,
|
||||
BasicAuth: []string{
|
||||
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
|
||||
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
|
||||
},
|
||||
WhiteList: &types.WhiteList{
|
||||
SourceRange: []string{
|
||||
"10.10.10.10",
|
||||
},
|
||||
UseXForwardedFor: true,
|
||||
},
|
||||
Headers: &types.Headers{
|
||||
CustomRequestHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
CustomResponseHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
AllowedHosts: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
HostsProxyHeaders: []string{
|
||||
"foo",
|
||||
"bar",
|
||||
"bor",
|
||||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
},
|
||||
STSSeconds: 666,
|
||||
STSIncludeSubdomains: true,
|
||||
STSPreload: true,
|
||||
ForceSTSHeader: true,
|
||||
FrameDeny: true,
|
||||
CustomFrameOptionsValue: "foo",
|
||||
ContentTypeNosniff: true,
|
||||
BrowserXSSFilter: true,
|
||||
CustomBrowserXSSValue: "foo",
|
||||
ContentSecurityPolicy: "foo",
|
||||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
IsDevelopment: true,
|
||||
},
|
||||
Errors: map[string]*types.ErrorPage{
|
||||
"foo": {
|
||||
Status: []string{"404"},
|
||||
Query: "foo_query",
|
||||
Backend: "backend-foobar",
|
||||
},
|
||||
"bar": {
|
||||
Status: []string{"500", "600"},
|
||||
Query: "bar_query",
|
||||
Backend: "backend-foobar",
|
||||
},
|
||||
},
|
||||
RateLimit: &types.RateLimit{
|
||||
ExtractorFunc: "client.ip",
|
||||
RateSet: map[string]*types.Rate{
|
||||
"foo": {
|
||||
Period: flaeg.Duration(6 * time.Second),
|
||||
Average: 12,
|
||||
Burst: 18,
|
||||
},
|
||||
"bar": {
|
||||
Period: flaeg.Duration(3 * time.Second),
|
||||
Average: 6,
|
||||
Burst: 9,
|
||||
},
|
||||
},
|
||||
},
|
||||
Redirect: &types.Redirect{
|
||||
EntryPoint: "https",
|
||||
Regex: "",
|
||||
Replacement: "",
|
||||
Permanent: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
expectedBackends: map[string]*types.Backend{
|
||||
"backend-test": {
|
||||
Servers: map[string]types.Server{
|
||||
"test-0-N753CZ-JEP1SmRf5Wfe6S3-RuM": {
|
||||
URL: "https://10.0.0.1:80",
|
||||
Weight: 12,
|
||||
},
|
||||
"test-1-u4RAIw2K4-PDJh41dqqB4kM2wy0": {
|
||||
URL: "https://10.0.0.2:80",
|
||||
Weight: 12,
|
||||
},
|
||||
},
|
||||
CircuitBreaker: &types.CircuitBreaker{
|
||||
Expression: "NetworkErrorRatio() > 0.5",
|
||||
},
|
||||
LoadBalancer: &types.LoadBalancer{
|
||||
Method: "drr",
|
||||
Sticky: true,
|
||||
Stickiness: &types.Stickiness{
|
||||
CookieName: "chocolate",
|
||||
},
|
||||
},
|
||||
MaxConn: &types.MaxConn{
|
||||
Amount: 666,
|
||||
ExtractorFunc: "client.ip",
|
||||
},
|
||||
HealthCheck: &types.HealthCheck{
|
||||
Path: "/health",
|
||||
Port: 880,
|
||||
Interval: "6",
|
||||
Hostname: "foo.com",
|
||||
Headers: map[string]string{
|
||||
"Foo": "bar",
|
||||
"Bar": "foo",
|
||||
},
|
||||
},
|
||||
Buffering: &types.Buffering{
|
||||
MaxResponseBodyBytes: 10485760,
|
||||
MemResponseBodyBytes: 2097152,
|
||||
MaxRequestBodyBytes: 10485760,
|
||||
MemRequestBodyBytes: 2097152,
|
||||
RetryExpression: "IsNetworkError() && Attempts() <= 2",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
for _, test := range testCases {
|
||||
|
|
|
|||
|
|
@ -140,6 +140,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLForceHost: "true",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
label.TraefikFrontendSTSIncludeSubdomains: "true",
|
||||
|
|
@ -216,6 +217,7 @@ func TestDockerBuildConfiguration(t *testing.T) {
|
|||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLHost: "foo",
|
||||
SSLForceHost: true,
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
"Content-Type": "application/json; charset=utf-8",
|
||||
|
|
|
|||
|
|
@ -148,6 +148,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLForceHost: "true",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
label.TraefikFrontendSTSIncludeSubdomains: "true",
|
||||
|
|
@ -221,6 +222,7 @@ func TestSwarmBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
|
|||
|
|
@ -100,6 +100,7 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSTSSeconds: "666",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLForceHost: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLRedirect: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSTSIncludeSubdomains: "true",
|
||||
|
|
@ -170,6 +171,7 @@ func TestSegmentBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
|
|||
|
|
@ -175,6 +175,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendReferrerPolicy: aws.String("foo"),
|
||||
label.TraefikFrontendCustomBrowserXSSValue: aws.String("foo"),
|
||||
label.TraefikFrontendSTSSeconds: aws.String("666"),
|
||||
label.TraefikFrontendSSLForceHost: aws.String("true"),
|
||||
label.TraefikFrontendSSLRedirect: aws.String("true"),
|
||||
label.TraefikFrontendSSLTemporaryRedirect: aws.String("true"),
|
||||
label.TraefikFrontendSTSIncludeSubdomains: aws.String("true"),
|
||||
|
|
@ -294,6 +295,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
|
|||
|
|
@ -32,6 +32,7 @@ const (
|
|||
annotationKubernetesBuffering = "ingress.kubernetes.io/buffering"
|
||||
annotationKubernetesAppRoot = "ingress.kubernetes.io/app-root"
|
||||
|
||||
annotationKubernetesSSLForceHost = "ingress.kubernetes.io/ssl-force-host"
|
||||
annotationKubernetesSSLRedirect = "ingress.kubernetes.io/ssl-redirect"
|
||||
annotationKubernetesHSTSMaxAge = "ingress.kubernetes.io/hsts-max-age"
|
||||
annotationKubernetesHSTSIncludeSubdomains = "ingress.kubernetes.io/hsts-include-subdomains"
|
||||
|
|
|
|||
|
|
@ -599,6 +599,7 @@ func getHeader(i *extensionsv1beta1.Ingress) *types.Headers {
|
|||
CustomResponseHeaders: getMapValue(i.Annotations, annotationKubernetesCustomResponseHeaders),
|
||||
AllowedHosts: getSliceStringValue(i.Annotations, annotationKubernetesAllowedHosts),
|
||||
HostsProxyHeaders: getSliceStringValue(i.Annotations, annotationKubernetesProxyHeaders),
|
||||
SSLForceHost: getBoolValue(i.Annotations, annotationKubernetesSSLForceHost, false),
|
||||
SSLRedirect: getBoolValue(i.Annotations, annotationKubernetesSSLRedirect, false),
|
||||
SSLTemporaryRedirect: getBoolValue(i.Annotations, annotationKubernetesSSLTemporaryRedirect, false),
|
||||
SSLHost: getStringValue(i.Annotations, annotationKubernetesSSLHost, ""),
|
||||
|
|
|
|||
|
|
@ -786,6 +786,7 @@ rateset:
|
|||
iAnnotation(annotationKubernetesAllowedHosts, "foo, fii, fuu"),
|
||||
iAnnotation(annotationKubernetesProxyHeaders, "foo, fii, fuu"),
|
||||
iAnnotation(annotationKubernetesHSTSMaxAge, "666"),
|
||||
iAnnotation(annotationKubernetesSSLForceHost, "true"),
|
||||
iAnnotation(annotationKubernetesSSLRedirect, "true"),
|
||||
iAnnotation(annotationKubernetesSSLTemporaryRedirect, "true"),
|
||||
iAnnotation(annotationKubernetesHSTSIncludeSubdomains, "true"),
|
||||
|
|
@ -1030,6 +1031,7 @@ rateset:
|
|||
AllowedHosts: []string{"foo", "fii", "fuu"},
|
||||
HostsProxyHeaders: []string{"foo", "fii", "fuu"},
|
||||
STSSeconds: 666,
|
||||
SSLForceHost: true,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
STSIncludeSubdomains: true,
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ const (
|
|||
pathFrontendCustomResponseHeaders = "/headers/customresponseheaders/"
|
||||
pathFrontendAllowedHosts = "/headers/allowedhosts"
|
||||
pathFrontendHostsProxyHeaders = "/headers/hostsproxyheaders"
|
||||
pathFrontendSSLForceHost = "/headers/sslforcehost"
|
||||
pathFrontendSSLRedirect = "/headers/sslredirect"
|
||||
pathFrontendSSLTemporaryRedirect = "/headers/ssltemporaryredirect"
|
||||
pathFrontendSSLHost = "/headers/sslhost"
|
||||
|
|
|
|||
|
|
@ -226,6 +226,7 @@ func (p *Provider) getHeaders(rootPath string) *types.Headers {
|
|||
SSLProxyHeaders: p.getMap(rootPath, pathFrontendSSLProxyHeaders),
|
||||
AllowedHosts: p.getList("", rootPath, pathFrontendAllowedHosts),
|
||||
HostsProxyHeaders: p.getList(rootPath, pathFrontendHostsProxyHeaders),
|
||||
SSLForceHost: p.getBool(false, rootPath, pathFrontendSSLForceHost),
|
||||
SSLRedirect: p.getBool(false, rootPath, pathFrontendSSLRedirect),
|
||||
SSLTemporaryRedirect: p.getBool(false, rootPath, pathFrontendSSLTemporaryRedirect),
|
||||
SSLHost: p.get("", rootPath, pathFrontendSSLHost),
|
||||
|
|
|
|||
|
|
@ -121,6 +121,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
withPair(pathFrontendPublicKey, "foo"),
|
||||
withPair(pathFrontendReferrerPolicy, "foo"),
|
||||
withPair(pathFrontendCustomBrowserXSSValue, "foo"),
|
||||
withPair(pathFrontendSSLForceHost, "true"),
|
||||
withPair(pathFrontendSSLRedirect, "true"),
|
||||
withPair(pathFrontendSSLTemporaryRedirect, "true"),
|
||||
withPair(pathFrontendSTSIncludeSubdomains, "true"),
|
||||
|
|
@ -254,6 +255,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
PublicKey: "foo",
|
||||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
SSLForceHost: true,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
STSIncludeSubdomains: true,
|
||||
|
|
|
|||
|
|
@ -41,6 +41,7 @@ const (
|
|||
SuffixFrontendResponseHeaders = SuffixFrontendHeaders + "customResponseHeaders"
|
||||
SuffixFrontendHeadersAllowedHosts = SuffixFrontendHeaders + "allowedHosts"
|
||||
SuffixFrontendHeadersHostsProxyHeaders = SuffixFrontendHeaders + "hostsProxyHeaders"
|
||||
SuffixFrontendHeadersSSLForceHost = SuffixFrontendHeaders + "SSLForceHost"
|
||||
SuffixFrontendHeadersSSLRedirect = SuffixFrontendHeaders + "SSLRedirect"
|
||||
SuffixFrontendHeadersSSLTemporaryRedirect = SuffixFrontendHeaders + "SSLTemporaryRedirect"
|
||||
SuffixFrontendHeadersSSLHost = SuffixFrontendHeaders + "SSLHost"
|
||||
|
|
@ -120,6 +121,7 @@ const (
|
|||
TraefikFrontendResponseHeaders = Prefix + SuffixFrontendResponseHeaders
|
||||
TraefikFrontendAllowedHosts = Prefix + SuffixFrontendHeadersAllowedHosts
|
||||
TraefikFrontendHostsProxyHeaders = Prefix + SuffixFrontendHeadersHostsProxyHeaders
|
||||
TraefikFrontendSSLForceHost = Prefix + SuffixFrontendHeadersSSLForceHost
|
||||
TraefikFrontendSSLRedirect = Prefix + SuffixFrontendHeadersSSLRedirect
|
||||
TraefikFrontendSSLTemporaryRedirect = Prefix + SuffixFrontendHeadersSSLTemporaryRedirect
|
||||
TraefikFrontendSSLHost = Prefix + SuffixFrontendHeadersSSLHost
|
||||
|
|
|
|||
|
|
@ -190,6 +190,7 @@ func GetHeaders(labels map[string]string) *types.Headers {
|
|||
STSSeconds: GetInt64Value(labels, TraefikFrontendSTSSeconds, 0),
|
||||
SSLRedirect: GetBoolValue(labels, TraefikFrontendSSLRedirect, false),
|
||||
SSLTemporaryRedirect: GetBoolValue(labels, TraefikFrontendSSLTemporaryRedirect, false),
|
||||
SSLForceHost: GetBoolValue(labels, TraefikFrontendSSLForceHost, false),
|
||||
STSIncludeSubdomains: GetBoolValue(labels, TraefikFrontendSTSIncludeSubdomains, false),
|
||||
STSPreload: GetBoolValue(labels, TraefikFrontendSTSPreload, false),
|
||||
ForceSTSHeader: GetBoolValue(labels, TraefikFrontendForceSTSHeader, false),
|
||||
|
|
|
|||
|
|
@ -606,6 +606,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
TraefikFrontendSTSSeconds: "666",
|
||||
TraefikFrontendSSLRedirect: "true",
|
||||
TraefikFrontendSSLForceHost: "true",
|
||||
TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
TraefikFrontendSTSIncludeSubdomains: "true",
|
||||
TraefikFrontendSTSPreload: "true",
|
||||
|
|
@ -637,6 +638,7 @@ func TestGetHeaders(t *testing.T) {
|
|||
ReferrerPolicy: "foo",
|
||||
CustomBrowserXSSValue: "foo",
|
||||
STSSeconds: 666,
|
||||
SSLForceHost: true,
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
STSIncludeSubdomains: true,
|
||||
|
|
|
|||
|
|
@ -209,6 +209,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendSSLProxyHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8"),
|
||||
withLabel(label.TraefikFrontendAllowedHosts, "foo,bar,bor"),
|
||||
withLabel(label.TraefikFrontendHostsProxyHeaders, "foo,bar,bor"),
|
||||
withLabel(label.TraefikFrontendSSLForceHost, "true"),
|
||||
withLabel(label.TraefikFrontendSSLHost, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomFrameOptionsValue, "foo"),
|
||||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
|
|
@ -285,6 +286,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
@ -581,6 +583,7 @@ func TestBuildConfigurationSegments(t *testing.T) {
|
|||
withSegmentLabel(label.TraefikFrontendSSLProxyHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type: application/json; charset=utf-8", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendAllowedHosts, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendHostsProxyHeaders, "foo,bar,bor", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLForceHost, "true", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendSSLHost, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendCustomFrameOptionsValue, "foo", "containous"),
|
||||
withSegmentLabel(label.TraefikFrontendContentSecurityPolicy, "foo", "containous"),
|
||||
|
|
@ -657,6 +660,7 @@ func TestBuildConfigurationSegments(t *testing.T) {
|
|||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
|
|||
|
|
@ -158,6 +158,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
withLabel(label.TraefikFrontendSSLProxyHeaders, "Access-Control-Allow-Methods:POST,GET,OPTIONS || Content-type:application/json; charset=utf-8"),
|
||||
withLabel(label.TraefikFrontendAllowedHosts, "foo,bar,bor"),
|
||||
withLabel(label.TraefikFrontendHostsProxyHeaders, "foo,bar,bor"),
|
||||
withLabel(label.TraefikFrontendSSLForceHost, "true"),
|
||||
withLabel(label.TraefikFrontendSSLHost, "foo"),
|
||||
withLabel(label.TraefikFrontendCustomFrameOptionsValue, "foo"),
|
||||
withLabel(label.TraefikFrontendContentSecurityPolicy, "foo"),
|
||||
|
|
@ -240,6 +241,7 @@ func TestBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
|
|||
|
|
@ -83,6 +83,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
label.TraefikFrontendReferrerPolicy: "foo",
|
||||
label.TraefikFrontendCustomBrowserXSSValue: "foo",
|
||||
label.TraefikFrontendSTSSeconds: "666",
|
||||
label.TraefikFrontendSSLForceHost: "true",
|
||||
label.TraefikFrontendSSLRedirect: "true",
|
||||
label.TraefikFrontendSSLTemporaryRedirect: "true",
|
||||
label.TraefikFrontendSTSIncludeSubdomains: "true",
|
||||
|
|
@ -158,6 +159,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
@ -292,6 +294,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersReferrerPolicy: "foo",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersCustomBrowserXSSValue: "foo",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSTSSeconds: "666",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLForceHost: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLRedirect: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSSLTemporaryRedirect: "true",
|
||||
label.Prefix + "sauternes." + label.SuffixFrontendHeadersSTSIncludeSubdomains: "true",
|
||||
|
|
@ -356,6 +359,7 @@ func TestProviderBuildConfiguration(t *testing.T) {
|
|||
HostsProxyHeaders: []string{"foo", "bar", "bor"},
|
||||
SSLRedirect: true,
|
||||
SSLTemporaryRedirect: true,
|
||||
SSLForceHost: true,
|
||||
SSLHost: "foo",
|
||||
SSLProxyHeaders: map[string]string{
|
||||
"Access-Control-Allow-Methods": "POST,GET,OPTIONS",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue