Add `MaxRedirects` option to set maximum redirection-followings allowed.
The option is only valid when `FollowRedirects` is `true`.
Being able to limit the amount of redirections is helpful in order to
avoid possible loops of redirections or just too long round trips.
Previously, when no keys were specified, copyHeaders would copy all
headers from src to dst. I believe this is a remnant of some old code,
as we don't actually ever use that behavior today.
I'm removing this as it seems too likely to accidentally pass along
headers that shouldn't be. Instead, let's always be explicit about
which headers to copy (which is what we currently do anyway).
- switch to "project authors" style copyright. Instead of an AUTHORS
file (https://opensource.google/docs/releasing/authors/), I just list
Google as a major copyright holder in the README.
- use SPDX style license headers in source files
- remove CLA requirement from contributing docs
This is what I probably should have called this when I renamed it back
in 70276f36, since this makes it more obvious that it's a list of
allowed hosts. Renaming now to make room for a `DenyHosts` variable as
part of #85.
If no content types are specified, then accept all responses, regardless
of content type (this is the behavior imageproxy has historically had).
Change default value for the contentTypes flag to be "image/*", so that
the new default when running cmd/imageproxy is that only images will be
proxied. The old default behavior can be achieved by passing an empty
string for the contentTypes flag:
imageproxy -contentTypes ""
Do not send the "XCTO: nosniff" header, since all documentation that I
can find still says that it can cause problems when served with images.
If it's effectively a noop when an explicit content-type is specified in
the response, then this shouldn't actually matter for us either way.
But in the absence of certainty, I'd rather err on the side of following
the spec.
Also add documentation for the new functionality.
Fixes#141
- take simple http.Header values as input, rather than http.Response
- allow multiple headers to be copied to be specified. If no headers
specified, then copy all.
this has actually always been failing to transform the image, but wasn't
being caught by our tests because we are currently only checking the
response code.
This pointer was only needed to pass along the scaleUp option. In order
to prevent someone from specifying the scaleUp option on an individual
request against the owner's wishes, we didn't encode or decode that
field on the Options struct. Instead, we stored the value on the Proxy
object and then set it on the Options struct inside the
TransformingTransport. This worked, but I never really liked binding
those two together.
Instead, we now treat scaleUp as a normal Option field, encoding and
decoding it with all the others. The primary difference is that the
initial value from the request URL will always be overwritten with
whatever is set in Proxy.ScaleUp. This decouples the
TransformingTransport from the Proxy, but prevents the option from being
set in the request URL.
Modifies #37
Remove unused ResponseWriter parameter from check304, add function docs,
and add TODO for alternate Etag header values that we should handle.
Add tests for Proxy.allowed and check304.
