From e95fde565295fe3220197e1fe43ffc0ddded5e8c Mon Sep 17 00:00:00 2001 From: Romain Date: Fri, 29 Sep 2023 12:18:06 +0200 Subject: [PATCH] Fix preflight response status in access logs Co-authored-by: lbenguigui --- integration/access_log_test.go | 47 ++++++++++++++++++++ integration/fixtures/access_log_config.toml | 2 + integration/resources/compose/access_log.yml | 10 +++++ pkg/middlewares/headers/header.go | 1 + 4 files changed, 60 insertions(+) diff --git a/integration/access_log_test.go b/integration/access_log_test.go index d279f993f..1f25a9471 100644 --- a/integration/access_log_test.go +++ b/integration/access_log_test.go @@ -592,6 +592,53 @@ func (s *AccessLogSuite) TestAccessLogAuthFrontendSuccess(c *check.C) { checkNoOtherTraefikProblems(c) } +func (s *AccessLogSuite) TestAccessLogPreflightHeadersMiddleware(c *check.C) { + ensureWorkingDirectoryIsClean() + + expected := []accessLogValue{ + { + formatOnly: false, + code: "200", + user: "-", + routerName: "rt-preflightCORS", + serviceURL: "-", + }, + } + + // Start Traefik + cmd, display := s.traefikCmd(withConfigFile("fixtures/access_log_config.toml")) + defer display(c) + + err := cmd.Start() + c.Assert(err, checker.IsNil) + defer s.killCmd(cmd) + + checkStatsForLogFile(c) + + waitForTraefik(c, "preflightCORS") + + // Verify Traefik started OK + checkTraefikStarted(c) + + // Test preflight response + req, err := http.NewRequest(http.MethodOptions, "http://127.0.0.1:8009/", nil) + c.Assert(err, checker.IsNil) + req.Host = "preflight.docker.local" + req.Header.Set("Origin", "whatever") + req.Header.Set("Access-Control-Request-Method", "GET") + + err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusOK)) + c.Assert(err, checker.IsNil) + + // Verify access.log output as expected + count := checkAccessLogExactValuesOutput(c, expected) + + c.Assert(count, checker.GreaterOrEqualThan, len(expected)) + + // Verify no other Traefik problems + checkNoOtherTraefikProblems(c) +} + func checkNoOtherTraefikProblems(c *check.C) { traefikLog, err := os.ReadFile(traefikTestLogFile) c.Assert(err, checker.IsNil) diff --git a/integration/fixtures/access_log_config.toml b/integration/fixtures/access_log_config.toml index 68e653788..8d954450e 100644 --- a/integration/fixtures/access_log_config.toml +++ b/integration/fixtures/access_log_config.toml @@ -20,6 +20,8 @@ address = ":8007" [entryPoints.digestAuth] address = ":8008" + [entryPoints.preflight] + address = ":8009" [api] insecure = true diff --git a/integration/resources/compose/access_log.yml b/integration/resources/compose/access_log.yml index 91b1a0c48..3ae761c4a 100644 --- a/integration/resources/compose/access_log.yml +++ b/integration/resources/compose/access_log.yml @@ -85,6 +85,16 @@ services: traefik.http.middlewares.wl.ipwhitelist.sourcerange: 8.8.8.8/32 traefik.http.services.service3.loadbalancer.server.port: 80 + preflightCORS: + image: traefik/whoami + labels: + traefik.enable: true + traefik.http.routers.rt-preflightCORS.entryPoints: preflight + traefik.http.routers.rt-preflightCORS.rule: Host(`preflight.docker.local`) + traefik.http.routers.rt-preflightCORS.middlewares: preflightCORS + traefik.http.middlewares.preflightCORS.headers.accessControlAllowMethods: OPTIONS, GET + traefik.http.services.preflightCORS.loadbalancer.server.port: 80 + networks: default: name: traefik-test-network diff --git a/pkg/middlewares/headers/header.go b/pkg/middlewares/headers/header.go index 8e48f9f33..3930277c8 100644 --- a/pkg/middlewares/headers/header.go +++ b/pkg/middlewares/headers/header.go @@ -53,6 +53,7 @@ func NewHeader(next http.Handler, cfg dynamic.Headers) (*Header, error) { func (s *Header) ServeHTTP(rw http.ResponseWriter, req *http.Request) { // Handle Cors headers and preflight if configured. if isPreflight := s.processCorsHeaders(rw, req); isPreflight { + rw.WriteHeader(http.StatusOK) return }