yangyl/managed-portal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: preserve web device session headers

Browse Source
This commit is contained in:
Yoilun
2026-05-15 03:08:57 +08:00
parent 1114ee00c1
commit bd49486304
2 changed files with 39 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
internal/webdevice/proxy.go
View File

@@ -151,10 +151,12 @@ func shouldRetryProxyRequest(req *http.Request, err error) bool {
} }
func sanitizeProxyRequestHeader(source http.Header, upstreamPath string) http.Header { func sanitizeProxyRequestHeader(source http.Header, upstreamPath string) http.Header {
header := make(http.Header) header := source.Clone()
copyHeaderValue(header, source, "Accept") for key := range header {
copyHeaderValue(header, source, "Content-Type") if isProxyManagedHeader(key) {
copyHeaderValue(header, source, "Authorization") header.Del(key)
}
}
userAgent := strings.TrimSpace(source.Get("User-Agent")) userAgent := strings.TrimSpace(source.Get("User-Agent"))
if userAgent == "" { if userAgent == "" {
@@ -164,17 +166,32 @@ func sanitizeProxyRequestHeader(source http.Header, upstreamPath string) http.He
header.Set("Connection", "close") header.Set("Connection", "close")
if !isLoginPagePath(upstreamPath) { if !isLoginPagePath(upstreamPath) {
copyHeaderValue(header, source, "Cookie") return header
} }
header.Del("Cookie")
header.Del("Referer")
return header return header
} }
func copyHeaderValue(target, source http.Header, key string) { func isProxyManagedHeader(key string) bool {
if value := source.Values(key); len(value) > 0 { switch http.CanonicalHeaderKey(key) {
target.Del(key) case "Connection",
for _, item := range value { "Proxy-Connection",
target.Add(key, item) "Keep-Alive",
} "Transfer-Encoding",
"Upgrade",
"Te",
"Trailer",
"Proxy-Authenticate",
"Proxy-Authorization",
"Forwarded",
"X-Forwarded-For",
"X-Forwarded-Host",
"X-Forwarded-Proto",
"X-Real-Ip":
return true
default:
return false
} }
} }

11
internal/webdevice/proxy_test.go
View File

@@ -135,6 +135,8 @@ func TestSanitizeProxyRequestHeaderDropsLoginCookie(t *testing.T) {
source.Set("User-Agent", "browser") source.Set("User-Agent", "browser")
source.Set("Cookie", "SID=1") source.Set("Cookie", "SID=1")
source.Set("Referer", "http://10.8.0.18:13000/proxy/web/192.168.0.108/") source.Set("Referer", "http://10.8.0.18:13000/proxy/web/192.168.0.108/")
source.Set("Sessiontag", "abc123")
source.Set("If-Modified-Since", "0")
source.Set("X-Forwarded-For", "10.8.0.1") source.Set("X-Forwarded-For", "10.8.0.1")
loginHeader := sanitizeProxyRequestHeader(source, "/doc/page/login.asp") loginHeader := sanitizeProxyRequestHeader(source, "/doc/page/login.asp")
@@ -147,9 +149,18 @@ func TestSanitizeProxyRequestHeaderDropsLoginCookie(t *testing.T) {
if got := loginHeader.Get("X-Forwarded-For"); got != "" { if got := loginHeader.Get("X-Forwarded-For"); got != "" {
t.Fatalf("login X-Forwarded-For = %q, want empty", got) t.Fatalf("login X-Forwarded-For = %q, want empty", got)
} }
if got := loginHeader.Get("Sessiontag"); got != "abc123" {
t.Fatalf("login Sessiontag = %q, want abc123", got)
}
apiHeader := sanitizeProxyRequestHeader(source, "/ISAPI/Security/userCheck") apiHeader := sanitizeProxyRequestHeader(source, "/ISAPI/Security/userCheck")
if got := apiHeader.Get("Cookie"); got != "SID=1" { if got := apiHeader.Get("Cookie"); got != "SID=1" {
t.Fatalf("api Cookie = %q, want SID=1", got) t.Fatalf("api Cookie = %q, want SID=1", got)
} }
if got := apiHeader.Get("Sessiontag"); got != "abc123" {
t.Fatalf("api Sessiontag = %q, want abc123", got)
}
if got := apiHeader.Get("If-Modified-Since"); got != "0" {
t.Fatalf("api If-Modified-Since = %q, want 0", got)
}
} }