Posted to commits@trafficserver.apache.org by zw...@apache.org on 2018/07/05 18:35:37 UTC

[trafficserver] branch 7.1.x updated (a5e1e8c -> d1aca34)

This is an automated email from the ASF dual-hosted git repository.

zwoop pushed a change to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git.


    from a5e1e8c  Updated ChangeLog
     new cea07c0  Restrict access to request headers for ESI variables
     new d1aca34  Fix hostdb.ip_resolve's documentation for none/only option.

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 doc/admin-guide/files/records.config.en.rst | 10 +++++-----
 doc/admin-guide/plugins/esi.en.rst          |  2 +-
 plugins/esi/lib/Variables.cc                |  6 ++++++
 plugins/esi/test/vars_test.cc               |  2 ++
 4 files changed, 14 insertions(+), 6 deletions(-)


[trafficserver] 01/02: Restrict access to request headers for ESI variables

Posted by zw...@apache.org.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit cea07c03274807c1588dbdf03baa1537d958c92f
Author: Kit Chan <ki...@apache.org>
AuthorDate: Tue Jul 3 17:32:56 2018 -0700

    Restrict access to request headers for ESI variables
    
    (cherry picked from commit 2f4a5b7a3eb4904d59913d4b38e54a4caeecceae)
---
 doc/admin-guide/plugins/esi.en.rst | 2 +-
 plugins/esi/lib/Variables.cc       | 6 ++++++
 plugins/esi/test/vars_test.cc      | 2 ++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/doc/admin-guide/plugins/esi.en.rst b/doc/admin-guide/plugins/esi.en.rst
index 29595d8..ebe504b 100644
--- a/doc/admin-guide/plugins/esi.en.rst
+++ b/doc/admin-guide/plugins/esi.en.rst
@@ -170,4 +170,4 @@ Differences from Spec - http://www.w3.org/TR/esi-lang
 
 5. HTTP_COOKIE supports fetching for sub-key
 
-6. HTTP_HEADER supports accessing request headers as variables
+6. HTTP_HEADER supports accessing request headers as variables except "Cookie"
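
Review bot: item 6 now says "except "Cookie"" but does not say what a template author gets instead or where to go for cookies. The Variables.cc change in this same commit returns an empty string and matches the name case-insensitively, and item 5 just above already documents HTTP_COOKIE, so the line could read along the lines of: HTTP_HEADER supports accessing request headers as variables except "Cookie" (any case), which yields an empty value; use HTTP_COOKIE for cookie data.
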
diff --git a/plugins/esi/lib/Variables.cc b/plugins/esi/lib/Variables.cc
index 8a8dec9..ca30485 100644
--- a/plugins/esi/lib/Variables.cc
+++ b/plugins/esi/lib/Variables.cc
@@ -235,6 +235,12 @@ Variables::getValue(const string &name) const
     return EMPTY_STRING;
   }
 
+  // Disallow Cookie retrieval though HTTP_HEADER
+  if (dict_index == HTTP_HEADER && ((attr_len == 6) && (strncasecmp(attr, "Cookie", 6) == 0))) {
+    _errorLog("[%s] Cannot use HTTP_HEADER to retrieve Cookie", __FUNCTION__);
+    return EMPTY_STRING;
+  }
+
   // change variable name to use only the attribute field
   search_key.assign(attr, attr_len);
 
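
Review bot: the added `if` in `Variables::getValue` hard-codes the denied name and repeats the literal 6 for its length (`attr_len == 6` and `strncasecmp(attr, "Cookie", 6)`); a named constant whose length is derived from the string, or a small deny-list helper, would keep the two in sync and leave room for other credential-bearing request headers if the restriction is meant to grow. The comment reads "though" where "through" is intended. Note also that `_errorLog` runs on every evaluation of `HTTP_HEADER{Cookie}`, so a template that still references it will write an error line each time it is processed; a lower log level may be more appropriate once the change has been rolled out.
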
diff --git a/plugins/esi/test/vars_test.cc b/plugins/esi/test/vars_test.cc
index 5da39ee..5982abf 100644
--- a/plugins/esi/test/vars_test.cc
+++ b/plugins/esi/test/vars_test.cc
@@ -444,12 +444,14 @@ main()
     esi_vars.populate(HttpHeader("hdr1", -1, "hval1", -1));
     esi_vars.populate(HttpHeader("Hdr2", -1, "hval2", -1));
     esi_vars.populate(HttpHeader("@Intenal-hdr1", -1, "internal-hval1", -1));
+    esi_vars.populate(HttpHeader("cookie", -1, "x=y", -1));
 
     assert(esi_vars.getValue("HTTP_HEADER{hdr1}") == "hval1");
     assert(esi_vars.getValue("HTTP_HEADER{hdr2}") == "");
     assert(esi_vars.getValue("HTTP_HEADER{Hdr2}") == "hval2");
     assert(esi_vars.getValue("HTTP_HEADER{non-existent}") == "");
     assert(esi_vars.getValue("HTTP_HEADER{@Intenal-hdr1}") == "internal-hval1");
+    assert(esi_vars.getValue("HTTP_HEADER{cookie}") == "");
   }
 
   {
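
Review bot: the new assertion on `HTTP_HEADER{cookie}` covers only the all-lowercase spelling, so the case-insensitive half of the check (`strncasecmp`) and the `attr_len == 6` guard are not exercised. The neighbouring assertions show that `HTTP_HEADER{hdr2}` does not match a header stored as `Hdr2`, so a mixed-case case is only meaningful if the header is populated and requested with the same spelling, for example a header stored as "Cookie" and read as `HTTP_HEADER{Cookie}`. A positive control would help too: a header whose name merely starts with "cookie" but is longer than six characters should still return its value.
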


[trafficserver] 02/02: Fix hostdb.ip_resolve's documentation for none/only option.

Posted by zw...@apache.org.

zwoop pushed a commit to branch 7.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit d1aca34d2d1e0f02f8cea5fdb7c429d8799afb7d
Author: Nick Muerdter <ni...@nrel.gov>
AuthorDate: Mon Jun 25 16:50:23 2018 -0600

    Fix hostdb.ip_resolve's documentation for none/only option.
    
    The previously documented option of a `none` keyword didn't actually exist.
    Instead, this functionality is provided by the `only` keyword.
    
    Fixes https://github.com/apache/trafficserver/issues/3880
    
    (cherry picked from commit 3e57b434143e27c6154f1778826924db9263ac94)
---
 doc/admin-guide/files/records.config.en.rst | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/doc/admin-guide/files/records.config.en.rst b/doc/admin-guide/files/records.config.en.rst
index c755a49..0a1db69 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -2552,16 +2552,16 @@ HostDB
    ``ipv4``   Resolve to an IPv4 address.
    ``ipv6``   Resolve to an IPv6 address.
    ``client`` Resolve to the same family as the client IP address.
-   ``none``   Stop resolving.
+   ``only``   Stop resolving.
    ========== ====================================================
 
    The order of the keywords is critical. When a host name needs to be resolved
    it is resolved in same order as the keywords. If a resolution fails, the
-   next option in the list is tried. The keyword ``none`` means to give up
+   next option in the list is tried. The keyword ``only`` means to give up
    resolution entirely. The keyword list has a maximum length of three
    keywords, more are never needed. By default there is an implicit
    ``ipv4;ipv6`` attached to the end of the string unless the keyword
-   ``none`` appears.
+   ``only`` appears.
 
 .. topic:: Example
 
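
Review bot: in the table row and the paragraph below it, the description carried over from the old keyword ("Stop resolving.", "means to give up resolution entirely") does not explain why the keyword is spelled `only`. Consider wording that ties it to the behaviour the paragraph already describes, namely that no further address family is tried and the implicit ``ipv4;ipv6`` suffix is not appended. Since the commit message states that `none` never existed, a short note here for operators who copied `none` from the earlier documentation would make clear that such a configuration does not restrict resolution the way they expect.
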
@@ -2577,13 +2577,13 @@ HostDB
 
    Resolve only to IPv4. ::
 
-      ipv4;none
+      ipv4;only
 
 .. topic:: Example
 
    Resolve only to the same family as the client (do not permit cross family transactions). ::
 
-      client;none
+      client;only
 
    This value is a global default that can be overridden by :ts:cv:`proxy.config.http.server_ports`.
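
Review bot: the closing context line says this value can be overridden by :ts:cv:`proxy.config.http.server_ports`, but this patch touches only the HostDB section. It is worth confirming that the documentation for that setting does not still show `none` in its own examples, otherwise the two sections will disagree after this change.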