Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

agent: trim space when parsing X-Nomad-Token header #16469

Merged
merged 1 commit into from
Mar 14, 2023
Merged

agent: trim space when parsing X-Nomad-Token header #16469

merged 1 commit into from
Mar 14, 2023

Conversation

tgross
Copy link
Member

@tgross tgross commented Mar 13, 2023
edited
Loading

Fixes #11898 and will replace #11897

Our auth token parsing code trims space around the Authorization header but not around X-Nomad-Token. When using the UI, it's easy to accidentally introduce a leading or trailing space, which results in spurious authentication errors. Some browsers fix this automatically, but apparently not all do. Trim the space at the HTTP server.

@tgross
agent: trim space when parsing X-Nomad-Token header
98b840b 
Our auth token parsing code trims space around the `Authorization` header but
not around `X-Nomad-Token`. When using the UI, it's easy to accidentally
introduce a leading or trailing space, which results in spurious authentication
errors. Trim the space at the HTTP server.
@tgross tgross force-pushed the auth-token-trimspace branch from 2533e87 to 98b840b Compare March 13, 2023 20:12
@tgross tgross added backport/1.5.x backport to 1.5.x release line type/enhancement labels Mar 13, 2023
@tgross tgross marked this pull request as ready for review March 13, 2023 20:12
@tgross tgross requested review from jrasell and philrenaud March 13, 2023 20:12
@tgross tgross added this to the 1.5.x milestone Mar 13, 2023
This was referenced Mar 13, 2023
Closed
Closed
jrasell
jrasell approved these changes Mar 14, 2023
View reviewed changes
Copy link
Member

@jrasell jrasell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@tgross tgross merged commit c70bbd1 into main Mar 14, 2023
@tgross tgross deleted the auth-token-trimspace branch March 14, 2023 12:57
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Mar 14, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrasell jrasell jrasell approved these changes

@philrenaud philrenaud Awaiting requested review from philrenaud

Assignees
No one assigned
Labels
backport/1.5.x backport to 1.5.x release line type/enhancement
Projects
None yet
Milestone
1.5.x
Development

Successfully merging this pull request may close these issues.

alloc/exec: WebSocket 1011 acl token lookup failed: index error: UUID must be 36 characters
2 participants
@tgross @jrasell