mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 19:56:01 +00:00
Merge pull request #36769 from deads2k/auth-03-fix-impersonation
Automatic merge from submit-queue clear impersonation headers If you clone a request that came in after impersonation, you were also cloning the impersonation headers that came with it. These seem roughly analogous to the `Authorization` header, so this clears them. @kubernetes/sig-auth
This commit is contained in:
commit
d00696a0d8
@ -123,6 +123,15 @@ func WithImpersonation(handler http.Handler, requestContextMapper api.RequestCon
|
||||
oldUser, _ := api.UserFrom(ctx)
|
||||
httplog.LogOf(req, w).Addf("%v is acting as %v", oldUser, newUser)
|
||||
|
||||
// clear all the impersonation headers from the request
|
||||
req.Header.Del(authenticationapi.ImpersonateUserHeader)
|
||||
req.Header.Del(authenticationapi.ImpersonateGroupHeader)
|
||||
for headerName := range req.Header {
|
||||
if strings.HasPrefix(headerName, authenticationapi.ImpersonateUserExtraHeaderPrefix) {
|
||||
req.Header.Del(headerName)
|
||||
}
|
||||
}
|
||||
|
||||
handler.ServeHTTP(w, req)
|
||||
})
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user