When following redirects, ensure that the final URL is not in the
configured DenyHosts list, but do not further enforce presence in the
AllowHosts list.
This was initially added in #237, and the original use case was about
protecting against redirects being used to bypass denied hosts. They
were using URL signatures and deny lists (for localhost, etc), but not
allow lists. So really, checking against the deny list is all that was
needed in that case.
This came up recently for me as I was trying to proxy images on a remote
host that redirects to Amazon S3. Even though the original URL was
signed, the redirect was being denied because s3-us-west-2.amazonaws.com
isn't on of my allowed host. But I don't want to allow all of S3, just
the signed URLs.
This has begun failing with the error:
error generating coverage report: write |1: file already closed
I'm not 100% sure what's causing this, but this test isn't actually
covering very much, and trying to test a main function is often fraught
anyway, so it's not worth the hassle.
This is not a new requirement... I started using 1.17 features at some
point in the past (as indicated in the CI tests). I just missed
declaring that requirement in the go.mod file.
With go1.17, the structure of the go.mod files changes a bit, but this
shouldn't actually have any actual changes in the dependency tree.
apparently cosign doesn't like signing tags :)
WARNING: Image reference ghcr.io/willnorris/imageproxy:main uses a tag,
not a digest, to identify the image to sign.
This can lead you to sign a different image than the intended one.
Please use a digest (example.com/ubuntu@sha256:abc123...) rather than
tag (example.com/ubuntu:latest) for the input to cosign. The ability to
refer to images by tag will be removed in a future release.
Add `MaxRedirects` option to set maximum redirection-followings allowed.
The option is only valid when `FollowRedirects` is `true`.
Being able to limit the amount of redirections is helpful in order to
avoid possible loops of redirections or just too long round trips.
Previously, when no keys were specified, copyHeaders would copy all
headers from src to dst. I believe this is a remnant of some old code,
as we don't actually ever use that behavior today.
I'm removing this as it seems too likely to accidentally pass along
headers that shouldn't be. Instead, let's always be explicit about
which headers to copy (which is what we currently do anyway).
Add a new passRequestHeaders field to Proxy that identifies headers to
pass from inbound request to remote servers. Also add associated flag
to imageproxy CLI.
This is initially added to support remote servers that require an
authorization token.
Fixes#321
