From ae96ce866f4b3dc09dc4eab019d7725a63623d94 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 22 Jul 2024 21:21:04 +0200 Subject: [PATCH] remove support for setting CORS headers (deprecated) Configuring CORS headers was deprecated in docker 27.0 through 7ea9acc97f4c884ecdaebd06ed0353b28263d118, which disabled them by default with a temporary `DOCKERD_DEPRECATED_CORS_HEADER` env-var to allow using the option. This patch removes the feature altogether; the flag is kept for one more release to allow printing a more informative error, but can be removed in the next release. Signed-off-by: Sebastiaan van Stijn --- api/server/middleware/cors.go | 42 ----------------------------------- cmd/dockerd/config.go | 3 ++- cmd/dockerd/daemon.go | 8 +------ daemon/config/config.go | 7 +++++- 4 files changed, 9 insertions(+), 51 deletions(-) delete mode 100644 api/server/middleware/cors.go diff --git a/api/server/middleware/cors.go b/api/server/middleware/cors.go deleted file mode 100644 index 0fa5a1daf7..0000000000 --- a/api/server/middleware/cors.go +++ /dev/null @@ -1,42 +0,0 @@ -package middleware // import "github.com/docker/docker/api/server/middleware" - -import ( - "context" - "net/http" - - "github.com/containerd/log" - "github.com/docker/docker/api/types/registry" -) - -// CORSMiddleware injects CORS headers to each request -// when it's configured. -// -// Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release. -type CORSMiddleware struct { - defaultHeaders string -} - -// NewCORSMiddleware creates a new CORSMiddleware with default headers. -// -// Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release. -func NewCORSMiddleware(d string) CORSMiddleware { - return CORSMiddleware{defaultHeaders: d} -} - -// WrapHandler returns a new handler function wrapping the previous one in the request chain. -func (c CORSMiddleware) WrapHandler(handler func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error) func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error { - return func(ctx context.Context, w http.ResponseWriter, r *http.Request, vars map[string]string) error { - // If "api-cors-header" is not given, but "api-enable-cors" is true, we set cors to "*" - // otherwise, all head values will be passed to HTTP handler - corsHeaders := c.defaultHeaders - if corsHeaders == "" { - corsHeaders = "*" - } - - log.G(ctx).Debugf("CORS header is enabled and set to: %s", corsHeaders) - w.Header().Add("Access-Control-Allow-Origin", corsHeaders) - w.Header().Add("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, "+registry.AuthHeader) - w.Header().Add("Access-Control-Allow-Methods", "HEAD, GET, POST, DELETE, PUT, OPTIONS") - return handler(ctx, w, r, vars) - } -} diff --git a/cmd/dockerd/config.go b/cmd/dockerd/config.go index 5fc8986de3..50852401a7 100644 --- a/cmd/dockerd/config.go +++ b/cmd/dockerd/config.go @@ -75,7 +75,8 @@ func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) { // Deprecated flags / options - flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API; deprecated, and will be removed in the next release") + // TODO(thaJeztah): option is used to produce error when used; remove in next release + flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API; deprecated: this feature was deprecated in 27.0, and now removed") _ = flags.MarkDeprecated("api-cors-header", "accessing Docker API through a browser is insecure; use a reverse proxy if you need CORS headers") flags.BoolVarP(&conf.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run") _ = flags.MarkDeprecated("restart", "Please use a restart policy on docker run") diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go index 6bdf0175ea..9b1e7f0449 100644 --- a/cmd/dockerd/daemon.go +++ b/cmd/dockerd/daemon.go @@ -735,7 +735,7 @@ func (opts routerOptions) Build() []router.Router { return routers } -func initMiddlewares(ctx context.Context, s *apiserver.Server, cfg *config.Config, pluginStore plugingetter.PluginGetter) (*authorization.Middleware, error) { +func initMiddlewares(_ context.Context, s *apiserver.Server, cfg *config.Config, pluginStore plugingetter.PluginGetter) (*authorization.Middleware, error) { exp := middleware.NewExperimentalMiddleware(cfg.Experimental) s.UseMiddleware(exp) @@ -745,12 +745,6 @@ func initMiddlewares(ctx context.Context, s *apiserver.Server, cfg *config.Confi } s.UseMiddleware(*vm) - if cfg.CorsHeaders != "" && os.Getenv("DOCKERD_DEPRECATED_CORS_HEADER") != "" { - log.G(ctx).Warn(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option will be removed in the next release. Use a reverse proxy if you need CORS headers.`) - c := middleware.NewCORSMiddleware(cfg.CorsHeaders) //nolint:staticcheck // ignore SA1019 (NewCORSMiddleware is deprecated); will be removed in the next release. - s.UseMiddleware(c) - } - authzMiddleware := authorization.NewMiddleware(cfg.AuthorizationPlugins, pluginStore) s.UseMiddleware(authzMiddleware) return authzMiddleware, nil diff --git a/daemon/config/config.go b/daemon/config/config.go index 04f5ec1385..809727d4e6 100644 --- a/daemon/config/config.go +++ b/daemon/config/config.go @@ -160,7 +160,7 @@ type CommonConfig struct { Root string `json:"data-root,omitempty"` ExecRoot string `json:"exec-root,omitempty"` SocketGroup string `json:"group,omitempty"` - CorsHeaders string `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release. + CorsHeaders string `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release. // TODO(thaJeztah): option is used to produce error when used; remove in next release // Proxies holds the proxies that are configured for the daemon. Proxies `json:"proxies"` @@ -683,6 +683,11 @@ func Validate(config *Config) error { } } + if config.CorsHeaders != "" { + // TODO(thaJeztah): option is used to produce error when used; remove in next release + return errors.New(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option have been removed; use a reverse proxy if you need CORS headers`) + } + // validate platform-specific settings return config.ValidatePlatformConfig() }