From 4fbf2b6838f968c390008af926350ffbdbd4c943 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Wed, 21 Jul 2021 09:56:17 +0200 Subject: [PATCH] datagateway: zero content-length when swallowing body (#1904) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörn Friedrich Dreyer --- .../set-content-length-when-swallowing-body.md | 5 +++++ .../http/services/datagateway/datagateway.go | 16 ++++++++++++++-- 2 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 changelog/unreleased/set-content-length-when-swallowing-body.md diff --git a/changelog/unreleased/set-content-length-when-swallowing-body.md b/changelog/unreleased/set-content-length-when-swallowing-body.md new file mode 100644 index 0000000000..9b757f35d6 --- /dev/null +++ b/changelog/unreleased/set-content-length-when-swallowing-body.md @@ -0,0 +1,5 @@ +Bugfix: Set Content-Length to 0 when swallowing body in the datagateway + +When swallowing the body the Content-Lenght needs to be set to 0 to prevent proxies from reading the body. + +https://github.com/cs3org/reva/pull/1904 \ No newline at end of file diff --git a/internal/http/services/datagateway/datagateway.go b/internal/http/services/datagateway/datagateway.go index 3e396424aa..b47ecc5e61 100644 --- a/internal/http/services/datagateway/datagateway.go +++ b/internal/http/services/datagateway/datagateway.go @@ -198,6 +198,8 @@ func (s *svc) doHead(w http.ResponseWriter, r *http.Request) { copyHeader(w.Header(), httpRes.Header) if httpRes.StatusCode != http.StatusOK { + // swallow the body and set content-length to 0 to prevent reverse proxies from trying to read from it + w.Header().Set("Content-Length", "0") w.WriteHeader(httpRes.StatusCode) return } @@ -237,11 +239,17 @@ func (s *svc) doGet(w http.ResponseWriter, r *http.Request) { defer httpRes.Body.Close() copyHeader(w.Header(), httpRes.Header) - // TODO why do we swallow the body? w.WriteHeader(httpRes.StatusCode) - if httpRes.StatusCode != http.StatusOK && httpRes.StatusCode != http.StatusPartialContent { + switch httpRes.StatusCode { + case http.StatusOK: + case http.StatusPartialContent: + default: + // swallow the body and set content-length to 0 to prevent reverse proxies from trying to read from it + w.Header().Set("Content-Length", "0") + w.WriteHeader(httpRes.StatusCode) return } + w.WriteHeader(httpRes.StatusCode) var c int64 c, err = io.Copy(w, httpRes.Body) @@ -304,6 +312,8 @@ func (s *svc) doPut(w http.ResponseWriter, r *http.Request) { copyHeader(w.Header(), httpRes.Header) if httpRes.StatusCode != http.StatusOK { + // swallow the body and set content-length to 0 to prevent reverse proxies from trying to read from it + w.Header().Set("Content-Length", "0") w.WriteHeader(httpRes.StatusCode) return } @@ -362,6 +372,8 @@ func (s *svc) doPatch(w http.ResponseWriter, r *http.Request) { copyHeader(w.Header(), httpRes.Header) if httpRes.StatusCode != http.StatusOK { + // swallow the body and set content-length to 0 to prevent reverse proxies from trying to read from it + w.Header().Set("Content-Length", "0") w.WriteHeader(httpRes.StatusCode) return }