From 98b840b66e8a748ee352f6774adec4175affffde Mon Sep 17 00:00:00 2001 From: Tim Gross Date: Mon, 13 Mar 2023 16:06:11 -0400 Subject: [PATCH] agent: trim space when parsing X-Nomad-Token header Our auth token parsing code trims space around the `Authorization` header but not around `X-Nomad-Token`. When using the UI, it's easy to accidentally introduce a leading or trailing space, which results in spurious authentication errors. Trim the space at the HTTP server. --- .changelog/16469.txt | 3 +++ command/agent/http.go | 2 +- command/agent/http_test.go | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 .changelog/16469.txt diff --git a/.changelog/16469.txt b/.changelog/16469.txt new file mode 100644 index 00000000000..e97e2f5dc45 --- /dev/null +++ b/.changelog/16469.txt @@ -0,0 +1,3 @@ +```release-note:improvement +agent: trim leading and trailing spaces when parsing `X-Nomad-Token` header +``` diff --git a/command/agent/http.go b/command/agent/http.go index 78876f890b2..aab5c0017b5 100644 --- a/command/agent/http.go +++ b/command/agent/http.go @@ -969,7 +969,7 @@ func parseInt(req *http.Request, field string) (*int, error) { // parseToken is used to parse the X-Nomad-Token param func (s *HTTPServer) parseToken(req *http.Request, token *string) { if other := req.Header.Get("X-Nomad-Token"); other != "" { - *token = other + *token = strings.TrimSpace(other) return } diff --git a/command/agent/http_test.go b/command/agent/http_test.go index 66d097e0dd4..9f31caf51ad 100644 --- a/command/agent/http_test.go +++ b/command/agent/http_test.go @@ -552,7 +552,7 @@ func TestParseToken(t *testing.T) { { Name: "Parses token from X-Nomad-Token", HeaderKey: "X-Nomad-Token", - HeaderValue: "foobar", + HeaderValue: " foobar", ExpectedToken: "foobar", }, {