Skip to content

header key validation stricter than user.Info.Extra key validation #63682

New issue
Jump to bottom
New issue
Jump to bottom
Closed
#65799
Closed
header key validation stricter than user.Info.Extra key validation#63682
#65799
Assignees
mikedanese
Labels
kind/bugCategorizes issue or PR as related to a bug.sig/authCategorizes an issue or PR as relevant to SIG Auth.
@mikedanese

Description

@mikedanese
mikedanese
opened on May 10, 2018

user.Info.Extra keys can have '/' in them ( we actually advertise this in the doc) but header keys cannot. This is problematic because we transport those keys embeded in header keys when we use the requestheader authenticator. We have a couple options that I can think of. We can either:

  1. Encode extra info differently.
  2. Tighten extra info key validation.

Go validation here:
https://github.com/golang/go/blob/1c69384da4fb4a1323e011941c101189247fea67/src/net/textproto/reader.go#L593-L602

@yliaog @seans3 @deads2k @liggitt

Metadata

Assignees

Labels

kind/bugCategorizes issue or PR as related to a bug.sig/authCategorizes an issue or PR as relevant to SIG Auth.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions