Validation of header in authreq should be done only in the key (#5053)

2020-02-11 10:30:14 -03:00 · 2020-02-11 10:30:14 -03:00 · 77586dd83b
commit 77586dd83b
parent fc41dc732a
2 changed files with 4 additions and 4 deletions
--- a/internal/ingress/annotations/authreq/main.go
+++ b/internal/ingress/annotations/authreq/main.go
@ -218,8 +218,8 @@ func (a authReq) Parse(ing *networking.Ingress) (interface{}, error) {
 			return nil, ing_errors.NewLocationDenied(fmt.Sprintf("unable to find configMap %q", proxySetHeaderMap))
 		}
-		for header, value := range proxySetHeadersMapContents.Data {
+		for header := range proxySetHeadersMapContents.Data {
-			if !ValidHeader(header) || !ValidHeader(value) {
+			if !ValidHeader(header) {
 				return nil, ing_errors.NewLocationDenied("invalid proxy-set-headers in configmap")
 			}
 		}
--- a/internal/ingress/annotations/authreq/main_test.go
+++ b/internal/ingress/annotations/authreq/main_test.go
@ -276,8 +276,8 @@ func TestProxySetHeaders(t *testing.T) {
 	}{
 		{"single header", "http://goog.url", map[string]string{"header": "h1"}, false},
 		{"no header map", "http://goog.url", nil, true},
-		{"header with spaces", "http://goog.url", map[string]string{"header": "bad value"}, true},
+		{"header with spaces", "http://goog.url", map[string]string{"header": "bad value"}, false},
-		{"header with other bad symbols", "http://goog.url", map[string]string{"header": "bad+value"}, true},
+		{"header with other bad symbols", "http://goog.url", map[string]string{"header": "bad+value"}, false},
 	}
 	for _, test := range tests {