fix for issue #2951: internal error with invalid hmac-auth header #2994
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This removes the `orderlist` property from the balancer entity. Due to a different implementation in the dns library, it is no longer required. from Kong#2748
Makes the `Authorization` header type configurable. The default remains `LDAP`, but strings such as `Basic` can be used for ease of testing via the browser. Incidentally, this fixes the case-insensitive parsing of the `LDAP` string, which was broken. PR: Kong#2963.
Adds to the `oauth2` plugin a new parameter `auth_header_name` to define the header name to use. By default its value is `"authorization"`. From Kong#2928 Signed-off-by: Hisham Muhammad <[email protected]>
Adds a migration using the plugin_config_iterator helper. Signed-off-by: Thibault Charbonnier <[email protected]>
Make sure we don't match "invalidldap" when searching for "ldap". Prior to Kong#2963, this plugin did an incorrect pattern matching leading it to accept invalid type strings, as long as they ended with the letters in "LDAP". This adds a regression test for that situation. Signed-off-by: Thibault Charbonnier <[email protected]>
Adds tests for the functionality introduced in PR Kong#2963. Signed-off-by: Thibault Charbonnier <[email protected]>
When the JWT plugin is configured with the property cookie_names, the plugin will get the JWT token from one of the named cookies. * add `config.cookie_names` ocnfiguration option * add migration for previous records of this plugin * add integration test suite From Kong#2974 Fix Kong#2911 Kong#2894 Signed-off-by: Thibault Charbonnier <[email protected]>
|
@mvanholsteijn thx for the fix, would you mind rebasing this on |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
When an invalid hmac-auth header is sent by the client, kong generates an internal server error when enforce_headers are configured. The code did not check whether any headers were actually parsed.
Issues resolved
Fix #2951