From 6836b7103d5ccfe83dd75fa243cb0dda366af299 Mon Sep 17 00:00:00 2001
From: Christian Groschupp <christian@groschupp.org>
Date: Wed, 14 Jun 2023 10:18:20 +0200
Subject: [PATCH] add regex for header value

---
 internal/ingress/annotations/customheaders/main.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/internal/ingress/annotations/customheaders/main.go b/internal/ingress/annotations/customheaders/main.go
index d64c07426..225b88fe8 100644
--- a/internal/ingress/annotations/customheaders/main.go
+++ b/internal/ingress/annotations/customheaders/main.go
@@ -37,7 +37,7 @@ type Config struct {
 
 var (
 	headerRegexp = regexp.MustCompile(`^[a-zA-Z\d\-_]+$`)
-	valueRegexp  = regexp.MustCompile(`^[a-zA-Z\d\_ :;.,\/"'?!(){}[]@<>=-\+\*#$&<|~^%]+$`)
+	valueRegexp  = regexp.MustCompile(`^[a-zA-Z\d_ :;.,\\/"'?!(){}\[\]@<>=\-+*#$&\x60|~^%]+$`)
 )
 
 // ValidHeader checks is the provided string satisfies the header's name regex
@@ -78,10 +78,10 @@ func (a customHeaders) Parse(ing *networking.Ingress) (interface{}, error) {
 
 		for header, value := range clientHeadersMapContents.Data {
 			if !ValidHeader(header) {
-				return nil, ing_errors.NewLocationDenied("invalid client-headers in configmap")
+				return nil, ing_errors.NewLocationDenied("invalid header name in configmap")
 			}
 			if !ValidValue(value) {
-				return nil, ing_errors.NewLocationDenied("invalid client-headers in configmap")
+				return nil, ing_errors.NewLocationDenied("invalid header value in configmap")
 			}
 			if !slices.Contains(defBackend.AllowedResponseHeaders, header) {
 				return nil, ing_errors.NewLocationDenied(fmt.Sprintf("header %s is not allowed, defined allowed headers inside global-allowed-response-headers %v", header, defBackend.AllowedResponseHeaders))