Accept session cookie auth params via headers and query parameters

Timo Furrer requested to merge feature/cookie-auth-query-params into master

The browser WebSocket API doesn't support sending custom HTTP headers via the connection upgrade request and thus, we must send the agent id and CSRF token in the query parameters instead of the headers.

This change set implements that KAS supports both, no matter if for WebSocket connections or not. KAS will prefer the headers over the query parameters and doesn't fail if both are provided - even if their values are inconsistent. We may change this in a follow-up.

cc @afontaine

Closes #438 (closed)

Edited by Timo Furrer
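
The header-over-query precedence described in this merge request, as an added Go example that is not KAS code. The header and query parameter names are hypothetical placeholders (the page does not state the real ones), and the `strict` flag is an assumption showing how mismatched values could be rejected instead of silently resolved.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical parameter names; the page does not state the real ones.
const (
	agentIDHeader = "X-Example-Agent-Id"
	agentIDQuery  = "example_agent_id"
	csrfHeader    = "X-Example-Csrf-Token"
	csrfQuery     = "example_csrf_token"
)

var errConflict = errors.New("header and query parameter disagree")

// pick prefers the header value and falls back to the query parameter.
// With strict set (an assumption), differing values in both are an error.
func pick(r *http.Request, header, query string, strict bool) (string, error) {
	h := r.Header.Get(header)
	q := r.URL.Query().Get(query)
	if strict && h != "" && q != "" && subtle.ConstantTimeCompare([]byte(h), []byte(q)) != 1 {
		return "", errConflict
	}
	if h != "" {
		return h, nil
	}
	return q, nil
}

// authParams resolves the agent id and CSRF token for one request.
func authParams(r *http.Request, strict bool) (agentID, csrf string, err error) {
	if agentID, err = pick(r, agentIDHeader, agentIDQuery, strict); err != nil {
		return "", "", err
	}
	if csrf, err = pick(r, csrfHeader, csrfQuery, strict); err != nil {
		return "", "", err
	}
	return agentID, csrf, nil
}

func main() {
	// Constructed request: a browser WebSocket upgrade can only use the query string.
	r := httptest.NewRequest("GET", "/?example_agent_id=7&example_csrf_token=tok", nil)
	fmt.Println(authParams(r, false))
}
```

A CSRF token carried in the query string is part of the request URL, so access logs and proxies that record URLs should redact that parameter.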
