-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GET requests blocked by AWS Application Load Balancer #467
Labels
bug
Something isn't working
Comments
flbla
added a commit
that referenced
this issue
Oct 23, 2024
I managed to build the provider manually and use it in a local test setup. Using the code from the PR, I was able to successfully run terraform and create some harbor resources (while the loadbalancer was set to And I also cross-checked, that it failed using the code from the main branch (as expected). |
flbla
added a commit
that referenced
this issue
Oct 30, 2024
Signed-off-by: flbla <[email protected]>
hi @BlueIce |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When accessing a harbor instance which is behind a AWS Application Load Balancers, GET requests get blocked if "Desync mitigation mode" is set to
strictest
.I think the reason it that for GET (and maybe also HEAD) requests, the
payload
passed to the client isnil
. And when the payload is processed by the json encoder, the byte bufferb
will contain a literalnull
and a newline:terraform-provider-harbor/client/client.go
Lines 42 to 43 in 33fc049
Which in turn has the effect, that the request will also have a content-length header and a non-empty body.
The request gets classified as
Ambiguous
(which means accordings to AWS docs: "Request does not comply with RFC 7230 but poses a risk, as various web servers and proxies could handle it differently."), which is blocked atstrictest
mode. The classification reason isUndefinedContentLengthSemantics
, meaning:To Reproduce
The json encoding part can be reproduced by
This will print:
To reproduce the blocked requests, a AWS Application Load Balancer has to be setup with "Desync mitigation mode" set to strictest.
Expected behavior
Request don't get blocked by AWS Application Load Balancer in
strictest
mode.Additional context
Idea to fix the problem:
Do not use the json encoder if the
payload
isnil
so that the byte buffer will stay empty.The text was updated successfully, but these errors were encountered: