github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix invalid Content-Type for 403 error 

https://github.com/kubernetes/kubernetes/pull/47384 makes 403 errors
return Status Object. How the Content-Type is still "text/plain"
This change fix it.
pull/6/head
Cao Shufeng 2017-07-06 19:17:10 +08:00
parent 9cfb0ae565
commit 36e0a5ed14
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
staging/src/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/errors.go
View File

@ -44,7 +44,6 @@ func BadGatewayError(w http.ResponseWriter, req *http.Request) {
func Forbidden(ctx request.Context, attributes authorizer.Attributes, w http.ResponseWriter, req *http.Request, reason string, s runtime.NegotiatedSerializer) {
msg := sanitizer.Replace(forbiddenMessage(attributes))
w.Header().Set("X-Content-Type-Options", "nosniff")
w.WriteHeader(http.StatusForbidden)
var errMsg string
if len(reason) == 0 {

21
staging/src/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters/errors_test.go
View File

@ -63,18 +63,19 @@ func TestErrors(t *testing.T) {
func TestForbidden(t *testing.T) {
u := &user.DefaultInfo{Name: "NAME"}
cases := []struct {
expected string
attributes authorizer.Attributes
reason string
expected string
attributes authorizer.Attributes
reason string
contentType string
}{
{`{"metadata":{},"status":"Failure","message":" \"\" is forbidden: User \"NAME\" cannot GET path \"/whatever\".","reason":"Forbidden","details":{},"code":403}
`, authorizer.AttributesRecord{User: u, Verb: "GET", Path: "/whatever"}, ""},
`, authorizer.AttributesRecord{User: u, Verb: "GET", Path: "/whatever"}, "", "application/json"},
{`{"metadata":{},"status":"Failure","message":" \"\" is forbidden: User \"NAME\" cannot GET path \"/\u0026lt;script\u0026gt;\".","reason":"Forbidden","details":{},"code":403}
`, authorizer.AttributesRecord{User: u, Verb: "GET", Path: "/<script>"}, ""},
`, authorizer.AttributesRecord{User: u, Verb: "GET", Path: "/<script>"}, "", "application/json"},
{`{"metadata":{},"status":"Failure","message":"pod \"\" is forbidden: User \"NAME\" cannot GET pod at the cluster scope.","reason":"Forbidden","details":{"kind":"pod"},"code":403}
`, authorizer.AttributesRecord{User: u, Verb: "GET", Resource: "pod", ResourceRequest: true}, ""},
`, authorizer.AttributesRecord{User: u, Verb: "GET", Resource: "pod", ResourceRequest: true}, "", "application/json"},
{`{"metadata":{},"status":"Failure","message":"pod.v2 \"\" is forbidden: User \"NAME\" cannot GET pod.v2/quota in the namespace \"test\".","reason":"Forbidden","details":{"group":"v2","kind":"pod"},"code":403}
`, authorizer.AttributesRecord{User: u, Verb: "GET", Namespace: "test", APIGroup: "v2", Resource: "pod", Subresource: "quota", ResourceRequest: true}, ""},
`, authorizer.AttributesRecord{User: u, Verb: "GET", Namespace: "test", APIGroup: "v2", Resource: "pod", Subresource: "quota", ResourceRequest: true}, "", "application/json"},
}
for _, test := range cases {
observer := httptest.NewRecorder()
@ -83,7 +84,11 @@ func TestForbidden(t *testing.T) {
Forbidden(request.NewDefaultContext(), test.attributes, observer, &http.Request{}, test.reason, negotiatedSerializer)
result := string(observer.Body.Bytes())
if result != test.expected {
t.Errorf("Forbidden(%#v...) != %#v, got %#v", test.attributes, test.expected, result)
t.Errorf("Forbidden response body(%#v...) != %#v, got %#v", test.attributes, test.expected, result)
}
resultType := observer.HeaderMap.Get("Content-Type")
if resultType != test.contentType {
t.Errorf("Forbidden content type(%#v...) != %#v, got %#v", test.attributes, test.expected, result)
}
}
}