From 72dc64790cb59856568dd69d65d5584a65ea4ea0 Mon Sep 17 00:00:00 2001 From: Alexander Zagaynov Date: Wed, 30 Aug 2017 11:21:22 +0200 Subject: escape corsAllowedOrigins regexp strings and anchor them --- roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index c14579435..abd2f9a59 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -59,7 +59,7 @@ controllerConfig: controllers: '*' corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - - {{ origin }} + - (?i)\A{{ origin | regex_escape() }}\z {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - {{ custom_origin }} -- cgit v1.2.3 From 6bf432ff2d21ec8e8c8dd78f00dab8036359ae52 Mon Sep 17 00:00:00 2001 From: Alexander Zagaynov Date: Wed, 30 Aug 2017 16:40:47 +0200 Subject: add comment on regexp specifics --- roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index abd2f9a59..0cf20ce85 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -59,7 +59,7 @@ controllerConfig: controllers: '*' corsAllowedOrigins: {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - - (?i)\A{{ origin | regex_escape() }}\z + - (?i)\A{{ origin | regex_escape() }}\z {# anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname #} {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - {{ custom_origin }} -- cgit v1.2.3 From 7277ab699715a2db809b05549e9272197362b99c Mon Sep 17 00:00:00 2001 From: Alexander Zagaynov Date: Wed, 30 Aug 2017 16:43:42 +0200 Subject: escape also custom_cors_origins --- roles/openshift_master/templates/master.yaml.v1.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 0cf20ce85..8e373f4db 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -62,7 +62,7 @@ corsAllowedOrigins: - (?i)\A{{ origin | regex_escape() }}\z {# anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname #} {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - - {{ custom_origin }} + - (?i)\A{{ custom_origin | regex_escape() }}\z {# anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname #} {% endfor %} {% if 'disabled_features' in openshift.master %} disabledFeatures: {{ openshift.master.disabled_features | to_json }} -- cgit v1.2.3 From 8480ab43c99ede8bad9dc8ea27f676dc2d6af446 Mon Sep 17 00:00:00 2001 From: Alexander Zagaynov Date: Tue, 5 Sep 2017 10:48:51 +0200 Subject: fix comment and make it visible to end-user --- roles/openshift_master/templates/master.yaml.v1.j2 | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'roles') diff --git a/roles/openshift_master/templates/master.yaml.v1.j2 b/roles/openshift_master/templates/master.yaml.v1.j2 index 8e373f4db..2b7f9afc9 100644 --- a/roles/openshift_master/templates/master.yaml.v1.j2 +++ b/roles/openshift_master/templates/master.yaml.v1.j2 @@ -58,11 +58,12 @@ controllerConfig: {% endif %} controllers: '*' corsAllowedOrigins: + # anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname {% for origin in ['127.0.0.1', 'localhost', openshift.common.ip, openshift.common.public_ip] | union(openshift.common.all_hostnames) | unique %} - - (?i)\A{{ origin | regex_escape() }}\z {# anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname #} + - (?i)\A{{ origin | regex_escape() }}\z {% endfor %} {% for custom_origin in openshift.master.custom_cors_origins | default("") %} - - (?i)\A{{ custom_origin | regex_escape() }}\z {# anchor with start (\A) and end (\z) of the string, make the check case insensitive ((?i)) and escape hostname #} + - (?i)\A{{ custom_origin | regex_escape() }}\z {% endfor %} {% if 'disabled_features' in openshift.master %} disabledFeatures: {{ openshift.master.disabled_features | to_json }} -- cgit v1.2.3