From 15558d697250f0b4e46db2c6c081168bc61f5625 Mon Sep 17 00:00:00 2001 From: Paco Xu Date: Mon, 6 Dec 2021 14:03:29 +0800 Subject: [PATCH 1/2] remove ValidateProxyRedirects and StreamingProxyRedirects in 1.24 --- pkg/features/kube_features.go | 2 -- pkg/registry/core/pod/rest/subresources.go | 6 ++--- .../apiserver/pkg/features/kube_features.go | 22 ------------------- .../pkg/apiserver/handler_proxy.go | 6 ++--- 4 files changed, 4 insertions(+), 32 deletions(-) diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go index bcc80f8fd44..579909be0b4 100644 --- a/pkg/features/kube_features.go +++ b/pkg/features/kube_features.go @@ -983,8 +983,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS // inherited features from generic apiserver, relisted here to get a conflict if it is changed // unintentionally on either side: - genericfeatures.StreamingProxyRedirects: {Default: false, PreRelease: featuregate.Deprecated}, // remove in 1.24 - genericfeatures.ValidateProxyRedirects: {Default: true, PreRelease: featuregate.Deprecated}, genericfeatures.AdvancedAuditing: {Default: true, PreRelease: featuregate.GA}, genericfeatures.APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, genericfeatures.APIListChunking: {Default: true, PreRelease: featuregate.Beta}, diff --git a/pkg/registry/core/pod/rest/subresources.go b/pkg/registry/core/pod/rest/subresources.go index f7d7fbc1220..23d66c15a25 100644 --- a/pkg/registry/core/pod/rest/subresources.go +++ b/pkg/registry/core/pod/rest/subresources.go @@ -25,10 +25,8 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/net" "k8s.io/apimachinery/pkg/util/proxy" - genericfeatures "k8s.io/apiserver/pkg/features" genericregistry "k8s.io/apiserver/pkg/registry/generic/registry" "k8s.io/apiserver/pkg/registry/rest" - utilfeature "k8s.io/apiserver/pkg/util/feature" api "k8s.io/kubernetes/pkg/apis/core" "k8s.io/kubernetes/pkg/capabilities" "k8s.io/kubernetes/pkg/kubelet/client" @@ -193,8 +191,8 @@ func (r *PortForwardREST) Connect(ctx context.Context, name string, opts runtime func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired, interceptRedirects bool, responder rest.Responder) *proxy.UpgradeAwareHandler { handler := proxy.NewUpgradeAwareHandler(location, transport, wrapTransport, upgradeRequired, proxy.NewErrorResponder(responder)) - handler.InterceptRedirects = interceptRedirects && utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StreamingProxyRedirects) - handler.RequireSameHostRedirects = utilfeature.DefaultFeatureGate.Enabled(genericfeatures.ValidateProxyRedirects) + handler.InterceptRedirects = false + handler.RequireSameHostRedirects = false handler.MaxBytesPerSec = capabilities.Get().PerConnectionBandwidthLimitBytesPerSec return handler } diff --git a/staging/src/k8s.io/apiserver/pkg/features/kube_features.go b/staging/src/k8s.io/apiserver/pkg/features/kube_features.go index ffab26970c7..cc68a2ffb12 100644 --- a/staging/src/k8s.io/apiserver/pkg/features/kube_features.go +++ b/staging/src/k8s.io/apiserver/pkg/features/kube_features.go @@ -30,26 +30,6 @@ const ( // // alpha: v1.4 // MyFeature() bool - // owner: @tallclair - // alpha: v1.5 - // beta: v1.6 - // deprecated: v1.18 - // - // StreamingProxyRedirects controls whether the apiserver should intercept (and follow) - // redirects from the backend (Kubelet) for streaming requests (exec/attach/port-forward). - // - // This feature is deprecated, and will be removed in v1.24. - StreamingProxyRedirects featuregate.Feature = "StreamingProxyRedirects" - - // owner: @tallclair - // alpha: v1.12 - // beta: v1.14 - // deprecated: v1.22 - // - // ValidateProxyRedirects controls whether the apiserver should validate that redirects are only - // followed to the same host. Only used if StreamingProxyRedirects is enabled. - ValidateProxyRedirects featuregate.Feature = "ValidateProxyRedirects" - // owner: @tallclair // alpha: v1.7 // beta: v1.8 @@ -209,8 +189,6 @@ func init() { // To add a new feature, define a key for it above and add it here. The features will be // available throughout Kubernetes binaries. var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - StreamingProxyRedirects: {Default: false, PreRelease: featuregate.Deprecated}, - ValidateProxyRedirects: {Default: true, PreRelease: featuregate.Deprecated}, AdvancedAuditing: {Default: true, PreRelease: featuregate.GA}, APIResponseCompression: {Default: true, PreRelease: featuregate.Beta}, APIListChunking: {Default: true, PreRelease: featuregate.Beta}, diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go index b2122ae6a08..b226681126d 100644 --- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go +++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go @@ -32,9 +32,7 @@ import ( "k8s.io/apiserver/pkg/endpoints/handlers/responsewriters" endpointmetrics "k8s.io/apiserver/pkg/endpoints/metrics" genericapirequest "k8s.io/apiserver/pkg/endpoints/request" - genericfeatures "k8s.io/apiserver/pkg/features" "k8s.io/apiserver/pkg/server/egressselector" - utilfeature "k8s.io/apiserver/pkg/util/feature" utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" "k8s.io/apiserver/pkg/util/x509metrics" restclient "k8s.io/client-go/rest" @@ -174,8 +172,8 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { } handler := proxy.NewUpgradeAwareHandler(location, proxyRoundTripper, true, upgrade, &responder{w: w}) - handler.InterceptRedirects = utilfeature.DefaultFeatureGate.Enabled(genericfeatures.StreamingProxyRedirects) - handler.RequireSameHostRedirects = utilfeature.DefaultFeatureGate.Enabled(genericfeatures.ValidateProxyRedirects) + handler.InterceptRedirects = false + handler.RequireSameHostRedirects = false utilflowcontrol.RequestDelegated(req.Context()) handler.ServeHTTP(w, newReq) } From df81521d888c759b225fc4569933016ceb7e43f4 Mon Sep 17 00:00:00 2001 From: Paco Xu Date: Fri, 28 Jan 2022 10:31:51 +0800 Subject: [PATCH 2/2] remove unused parameter: intercceptRedirects & RequireSameHostRedirects --- pkg/registry/core/pod/rest/subresources.go | 12 +- .../pkg/util/proxy/upgradeaware.go | 20 +- .../pkg/util/proxy/upgradeaware_test.go | 260 +++++++++--------- .../pkg/apiserver/handler_proxy.go | 2 - 4 files changed, 133 insertions(+), 161 deletions(-) diff --git a/pkg/registry/core/pod/rest/subresources.go b/pkg/registry/core/pod/rest/subresources.go index 23d66c15a25..cb79deca431 100644 --- a/pkg/registry/core/pod/rest/subresources.go +++ b/pkg/registry/core/pod/rest/subresources.go @@ -71,7 +71,7 @@ func (r *ProxyREST) Connect(ctx context.Context, id string, opts runtime.Object, } location.Path = net.JoinPreservingTrailingSlash(location.Path, proxyOpts.Path) // Return a proxy handler that uses the desired transport, wrapped with additional proxy handling (to get URL rewriting, X-Forwarded-* headers, etc) - return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, false, responder), nil + return newThrottledUpgradeAwareProxyHandler(location, transport, true, false, responder), nil } // Support both GET and POST methods. We must support GET for browsers that want to use WebSockets. @@ -101,7 +101,7 @@ func (r *AttachREST) Connect(ctx context.Context, name string, opts runtime.Obje if err != nil { return nil, err } - return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil + return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil } // NewConnectOptions returns the versioned object that represents exec parameters @@ -138,7 +138,7 @@ func (r *ExecREST) Connect(ctx context.Context, name string, opts runtime.Object if err != nil { return nil, err } - return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil + return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil } // NewConnectOptions returns the versioned object that represents exec parameters @@ -186,13 +186,11 @@ func (r *PortForwardREST) Connect(ctx context.Context, name string, opts runtime if err != nil { return nil, err } - return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, true, responder), nil + return newThrottledUpgradeAwareProxyHandler(location, transport, false, true, responder), nil } -func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired, interceptRedirects bool, responder rest.Responder) *proxy.UpgradeAwareHandler { +func newThrottledUpgradeAwareProxyHandler(location *url.URL, transport http.RoundTripper, wrapTransport, upgradeRequired bool, responder rest.Responder) *proxy.UpgradeAwareHandler { handler := proxy.NewUpgradeAwareHandler(location, transport, wrapTransport, upgradeRequired, proxy.NewErrorResponder(responder)) - handler.InterceptRedirects = false - handler.RequireSameHostRedirects = false handler.MaxBytesPerSec = capabilities.Get().PerConnectionBandwidthLimitBytesPerSec return handler } diff --git a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go index e84548017f5..f56c17ca3cd 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go +++ b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware.go @@ -69,11 +69,6 @@ type UpgradeAwareHandler struct { UpgradeTransport UpgradeRequestRoundTripper // WrapTransport indicates whether the provided Transport should be wrapped with default proxy transport behavior (URL rewriting, X-Forwarded-* header setting) WrapTransport bool - // InterceptRedirects determines whether the proxy should sniff backend responses for redirects, - // following them as necessary. - InterceptRedirects bool - // RequireSameHostRedirects only allows redirects to the same host. It is only used if InterceptRedirects=true. - RequireSameHostRedirects bool // UseRequestLocation will use the incoming request URL when talking to the backend server. UseRequestLocation bool // UseLocationHost overrides the HTTP host header in requests to the backend server to use the Host from Location. @@ -310,17 +305,12 @@ func (h *UpgradeAwareHandler) tryUpgrade(w http.ResponseWriter, req *http.Reques // Only append X-Forwarded-For in the upgrade path, since httputil.NewSingleHostReverseProxy // handles this in the non-upgrade path. utilnet.AppendForwardedForHeader(clone) - if h.InterceptRedirects { - klog.V(6).Infof("Connecting to backend proxy (intercepting redirects) %s\n Headers: %v", &location, clone.Header) - backendConn, rawResponse, err = utilnet.ConnectWithRedirects(req.Method, &location, clone.Header, req.Body, utilnet.DialerFunc(h.DialForUpgrade), h.RequireSameHostRedirects) - } else { - klog.V(6).Infof("Connecting to backend proxy (direct dial) %s\n Headers: %v", &location, clone.Header) - if h.UseLocationHost { - clone.Host = h.Location.Host - } - clone.URL = &location - backendConn, err = h.DialForUpgrade(clone) + klog.V(6).Infof("Connecting to backend proxy (direct dial) %s\n Headers: %v", &location, clone.Header) + if h.UseLocationHost { + clone.Host = h.Location.Host } + clone.URL = &location + backendConn, err = h.DialForUpgrade(clone) if err != nil { klog.V(6).Infof("Proxy connection error: %v", err) h.Responder.Error(w, req, err) diff --git a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go index cb71b7e2702..f57b69a03ab 100644 --- a/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go +++ b/staging/src/k8s.io/apimachinery/pkg/util/proxy/upgradeaware_test.go @@ -501,61 +501,54 @@ func TestProxyUpgrade(t *testing.T) { } for k, tc := range testcases { - for _, redirect := range []bool{false, true} { - tcName := k - backendPath := "/hello" - if redirect { - tcName += " with redirect" - backendPath = "/redirect" - } - func() { // Cleanup after each test case. - backend := http.NewServeMux() - backend.Handle("/hello", websocket.Handler(func(ws *websocket.Conn) { - if ws.Request().Header.Get("Authorization") != tc.ExpectedAuth { - t.Errorf("%s: unexpected headers on request: %v", k, ws.Request().Header) - defer ws.Close() - ws.Write([]byte("you failed")) - return - } + tcName := k + backendPath := "/hello" + func() { // Cleanup after each test case. + backend := http.NewServeMux() + backend.Handle("/hello", websocket.Handler(func(ws *websocket.Conn) { + if ws.Request().Header.Get("Authorization") != tc.ExpectedAuth { + t.Errorf("%s: unexpected headers on request: %v", k, ws.Request().Header) defer ws.Close() - body := make([]byte, 5) - ws.Read(body) - ws.Write([]byte("hello " + string(body))) - })) - backend.Handle("/redirect", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - http.Redirect(w, r, "/hello", http.StatusFound) - })) - backendServer := tc.ServerFunc(backend) - defer backendServer.Close() - - serverURL, _ := url.Parse(backendServer.URL) - serverURL.Path = backendPath - proxyHandler := NewUpgradeAwareHandler(serverURL, tc.ProxyTransport, false, false, &noErrorsAllowed{t: t}) - proxyHandler.UpgradeTransport = tc.UpgradeTransport - proxyHandler.InterceptRedirects = redirect - proxy := httptest.NewServer(proxyHandler) - defer proxy.Close() - - ws, err := websocket.Dial("ws://"+proxy.Listener.Addr().String()+"/some/path", "", "http://127.0.0.1/") - if err != nil { - t.Fatalf("%s: websocket dial err: %s", tcName, err) + ws.Write([]byte("you failed")) + return } defer ws.Close() + body := make([]byte, 5) + ws.Read(body) + ws.Write([]byte("hello " + string(body))) + })) + backend.Handle("/redirect", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, "/hello", http.StatusFound) + })) + backendServer := tc.ServerFunc(backend) + defer backendServer.Close() - if _, err := ws.Write([]byte("world")); err != nil { - t.Fatalf("%s: write err: %s", tcName, err) - } + serverURL, _ := url.Parse(backendServer.URL) + serverURL.Path = backendPath + proxyHandler := NewUpgradeAwareHandler(serverURL, tc.ProxyTransport, false, false, &noErrorsAllowed{t: t}) + proxyHandler.UpgradeTransport = tc.UpgradeTransport + proxy := httptest.NewServer(proxyHandler) + defer proxy.Close() - response := make([]byte, 20) - n, err := ws.Read(response) - if err != nil { - t.Fatalf("%s: read err: %s", tcName, err) - } - if e, a := "hello world", string(response[0:n]); e != a { - t.Fatalf("%s: expected '%#v', got '%#v'", tcName, e, a) - } - }() - } + ws, err := websocket.Dial("ws://"+proxy.Listener.Addr().String()+"/some/path", "", "http://127.0.0.1/") + if err != nil { + t.Fatalf("%s: websocket dial err: %s", tcName, err) + } + defer ws.Close() + + if _, err := ws.Write([]byte("world")); err != nil { + t.Fatalf("%s: write err: %s", tcName, err) + } + + response := make([]byte, 20) + n, err := ws.Read(response) + if err != nil { + t.Fatalf("%s: read err: %s", tcName, err) + } + if e, a := "hello world", string(response[0:n]); e != a { + t.Fatalf("%s: expected '%#v', got '%#v'", tcName, e, a) + } + }() } } @@ -614,107 +607,100 @@ func TestProxyUpgradeConnectionErrorResponse(t *testing.T) { } func TestProxyUpgradeErrorResponseTerminates(t *testing.T) { - for _, intercept := range []bool{true, false} { - for _, code := range []int{400, 500} { - t.Run(fmt.Sprintf("intercept=%v,code=%v", intercept, code), func(t *testing.T) { - // Set up a backend server - backend := http.NewServeMux() - backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.WriteHeader(code) - w.Write([]byte(`some data`)) - })) - backend.Handle("/there", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - t.Error("request to /there") - })) - backendServer := httptest.NewServer(backend) - defer backendServer.Close() - backendServerURL, _ := url.Parse(backendServer.URL) - backendServerURL.Path = "/hello" + for _, code := range []int{400, 500} { + t.Run(fmt.Sprintf("code=%v", code), func(t *testing.T) { + // Set up a backend server + backend := http.NewServeMux() + backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(code) + w.Write([]byte(`some data`)) + })) + backend.Handle("/there", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + t.Error("request to /there") + })) + backendServer := httptest.NewServer(backend) + defer backendServer.Close() + backendServerURL, _ := url.Parse(backendServer.URL) + backendServerURL.Path = "/hello" - // Set up a proxy pointing to a specific path on the backend - proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &noErrorsAllowed{t: t}) - proxyHandler.InterceptRedirects = intercept - proxy := httptest.NewServer(proxyHandler) - defer proxy.Close() - proxyURL, _ := url.Parse(proxy.URL) + // Set up a proxy pointing to a specific path on the backend + proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &noErrorsAllowed{t: t}) + proxy := httptest.NewServer(proxyHandler) + defer proxy.Close() + proxyURL, _ := url.Parse(proxy.URL) - conn, err := net.Dial("tcp", proxyURL.Host) - require.NoError(t, err) - bufferedReader := bufio.NewReader(conn) + conn, err := net.Dial("tcp", proxyURL.Host) + require.NoError(t, err) + bufferedReader := bufio.NewReader(conn) - // Send upgrade request resulting in a non-101 response from the backend - req, _ := http.NewRequest("GET", "/", nil) - req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade) - require.NoError(t, req.Write(conn)) - // Verify we get the correct response and full message body content - resp, err := http.ReadResponse(bufferedReader, nil) - require.NoError(t, err) - data, err := ioutil.ReadAll(resp.Body) - require.NoError(t, err) - require.Equal(t, resp.StatusCode, code) - require.Equal(t, data, []byte(`some data`)) - resp.Body.Close() + // Send upgrade request resulting in a non-101 response from the backend + req, _ := http.NewRequest("GET", "/", nil) + req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade) + require.NoError(t, req.Write(conn)) + // Verify we get the correct response and full message body content + resp, err := http.ReadResponse(bufferedReader, nil) + require.NoError(t, err) + data, err := ioutil.ReadAll(resp.Body) + require.NoError(t, err) + require.Equal(t, resp.StatusCode, code) + require.Equal(t, data, []byte(`some data`)) + resp.Body.Close() - // try to read from the connection to verify it was closed - b := make([]byte, 1) - conn.SetReadDeadline(time.Now().Add(time.Second)) - if _, err := conn.Read(b); err != io.EOF { - t.Errorf("expected EOF, got %v", err) - } + // try to read from the connection to verify it was closed + b := make([]byte, 1) + conn.SetReadDeadline(time.Now().Add(time.Second)) + if _, err := conn.Read(b); err != io.EOF { + t.Errorf("expected EOF, got %v", err) + } - // Send another request to another endpoint to verify it is not received - req, _ = http.NewRequest("GET", "/there", nil) - req.Write(conn) - // wait to ensure the handler does not receive the request - time.Sleep(time.Second) + // Send another request to another endpoint to verify it is not received + req, _ = http.NewRequest("GET", "/there", nil) + req.Write(conn) + // wait to ensure the handler does not receive the request + time.Sleep(time.Second) - // clean up - conn.Close() - }) - } + // clean up + conn.Close() + }) } } func TestProxyUpgradeErrorResponse(t *testing.T) { - for _, intercept := range []bool{true, false} { - for _, code := range []int{200, 300, 302, 307} { - t.Run(fmt.Sprintf("intercept=%v,code=%v", intercept, code), func(t *testing.T) { - // Set up a backend server - backend := http.NewServeMux() - backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - http.Redirect(w, r, "https://example.com/there", code) - })) - backendServer := httptest.NewServer(backend) - defer backendServer.Close() - backendServerURL, _ := url.Parse(backendServer.URL) - backendServerURL.Path = "/hello" + for _, code := range []int{200, 300, 302, 307} { + t.Run(fmt.Sprintf("code=%v", code), func(t *testing.T) { + // Set up a backend server + backend := http.NewServeMux() + backend.Handle("/hello", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Redirect(w, r, "https://example.com/there", code) + })) + backendServer := httptest.NewServer(backend) + defer backendServer.Close() + backendServerURL, _ := url.Parse(backendServer.URL) + backendServerURL.Path = "/hello" - // Set up a proxy pointing to a specific path on the backend - proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &fakeResponder{t: t}) - proxyHandler.InterceptRedirects = intercept - proxyHandler.RequireSameHostRedirects = true - proxy := httptest.NewServer(proxyHandler) - defer proxy.Close() - proxyURL, _ := url.Parse(proxy.URL) + // Set up a proxy pointing to a specific path on the backend + proxyHandler := NewUpgradeAwareHandler(backendServerURL, nil, false, false, &fakeResponder{t: t}) + proxy := httptest.NewServer(proxyHandler) + defer proxy.Close() + proxyURL, _ := url.Parse(proxy.URL) - conn, err := net.Dial("tcp", proxyURL.Host) - require.NoError(t, err) - bufferedReader := bufio.NewReader(conn) + conn, err := net.Dial("tcp", proxyURL.Host) + require.NoError(t, err) + bufferedReader := bufio.NewReader(conn) - // Send upgrade request resulting in a non-101 response from the backend - req, _ := http.NewRequest("GET", "/", nil) - req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade) - require.NoError(t, req.Write(conn)) - // Verify we get the correct response and full message body content - resp, err := http.ReadResponse(bufferedReader, nil) - require.NoError(t, err) - assert.Equal(t, fakeStatusCode, resp.StatusCode) - resp.Body.Close() + // Send upgrade request resulting in a non-101 response from the backend + req, _ := http.NewRequest("GET", "/", nil) + req.Header.Set(httpstream.HeaderConnection, httpstream.HeaderUpgrade) + require.NoError(t, req.Write(conn)) + // Verify we get the correct response and full message body content + resp, err := http.ReadResponse(bufferedReader, nil) + require.NoError(t, err) + assert.Equal(t, fakeStatusCode, resp.StatusCode) + resp.Body.Close() - // clean up - conn.Close() - }) - } + // clean up + conn.Close() + }) } } diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go index b226681126d..f6255ea56f5 100644 --- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go +++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go @@ -172,8 +172,6 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { } handler := proxy.NewUpgradeAwareHandler(location, proxyRoundTripper, true, upgrade, &responder{w: w}) - handler.InterceptRedirects = false - handler.RequireSameHostRedirects = false utilflowcontrol.RequestDelegated(req.Context()) handler.ServeHTTP(w, newReq) }