Made blacklist stricter to deal with alternate versions of true

2025-09-14 21:53:52 +00:00 · 2017-08-28 09:04:42 -07:00
parent 98a7311afc
commit 86c0579ee5
1 changed files with 5 additions and 5 deletions
--- a/cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
+++ b/cluster/addons/metadata-proxy/gce/metadata-proxy-configmap.yaml
@@ -28,13 +28,13 @@ data:
        # Allow for REST discovery.
        location = / {
-            if ($args ~ "recursive=true") {
+            if ($args ~* "recursive") {
                    return 403 "?recursive calls are not allowed by the metadata proxy.";
            }
            proxy_pass http://169.254.169.254;
        }
        location = /computeMetadata/ {
-            if ($args ~ "recursive=true") {
+            if ($args ~* "recursive") {
                    return 403 "?recursive calls are not allowed by the metadata proxy.";
            }
            proxy_pass http://169.254.169.254;
@@ -42,19 +42,19 @@ data:
        # By default, allow the v0.1, v1beta1, and v1 APIs.
        location /0.1/ {
-            if ($args ~ "recursive=true") {
+            if ($args ~* "recursive") {
                    return 403 "?recursive calls are not allowed by the metadata proxy.";
            }
            proxy_pass http://169.254.169.254;
        }
        location /computeMetadata/v1beta1/ {
-            if ($args ~ "recursive=true") {
+            if ($args ~* "recursive") {
                    return 403 "?recursive calls are not allowed by the metadata proxy.";
            }
            proxy_pass http://169.254.169.254;
        }
        location /computeMetadata/v1/ {
-            if ($args ~ "recursive=true") {
+            if ($args ~* "recursive") {
                    return 403 "?recursive calls are not allowed by the metadata proxy.";
            }
            proxy_pass http://169.254.169.254;