aa4825cb53
This patch adds a new function that checks if a response was a redirect for a request and removes the Authorization header that we usually send if it is not one of our trusted hosts. This prevents authorization keys from going to insecure places. This is similar to logic that exists in the moby registry code[0].

Additionally improves the cacheability of blobs from docker.io because they are redirects to files that exist on a CDN that doesn't actually require authentication. The upstream CI registry caching system doesn't cache any requests with the Authorization header per the Apache cache documentation[1].

[0]
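The redirect check described in the commit message above, sketched as an added example (not the project's own code). The function names, the trusted-host list, the CDN host and the token are constructed for illustration, and the https-to-http downgrade check goes beyond what the commit message describes.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed allow-list; a real client would use its configured registry hosts.
TRUSTED_HOSTS = {"registry-1.docker.io"}


def _get(headers, name):
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def follow_redirect(request_url, status, response_headers, request_headers,
                    trusted_hosts=TRUSTED_HOSTS):
    """Return (next_url, headers_to_send) for a redirect, else (None, None)."""
    location = _get(response_headers, "Location")
    if status not in REDIRECT_CODES or not location:
        return None, None
    # Location may be relative; resolve it against the URL that was requested.
    next_url = urljoin(request_url, location)
    target = urlsplit(next_url)
    host = (target.hostname or "").lower()
    headers = dict(request_headers)  # never mutate the caller's headers
    # Extra to the commit message: treat an https -> http downgrade as untrusted.
    downgraded = urlsplit(request_url).scheme == "https" and target.scheme != "https"
    if host not in trusted_hosts or downgraded:
        for key in list(headers):
            if key.lower() == "authorization":
                del headers[key]
    return next_url, headers


# Constructed sample: a blob request answered with a redirect to a CDN host.
BLOB_URL = "https://registry-1.docker.io/v2/library/busybox/blobs/sha256:0000"
SENT = {"Authorization": "Bearer EXAMPLE-TOKEN", "Accept": "*/*"}

if __name__ == "__main__":
    print(follow_redirect(BLOB_URL, 307, {"location": "https://cdn.example.net/blob/0000"}, SENT))
    print(follow_redirect(BLOB_URL, 307, {"Location": "/v2/library/busybox/blobs/sha256:1111"}, SENT))
```

The second call keeps the header because the relative `Location` resolves back to the trusted registry host.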