Merge pull request #17024 from jmhbnz/backport-ssrf-fix

[3.5] Backport disable following redirects when checking peer urls
etcd-io · Nov 28, 2023 · ce4ae2b · ce4ae2b
2 parents d4e8610 + 9e21048
commit ce4ae2b
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/server/etcdserver/cluster_util.go b/server/etcdserver/cluster_util.go
@@ -275,6 +275,9 @@ func isCompatibleWithVers(lg *zap.Logger, vers map[string]*version.Versions, loc
 func getVersion(lg *zap.Logger, m *membership.Member, rt http.RoundTripper) (*version.Versions, error) {
 	cc := &http.Client{
 		Transport: rt,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			return http.ErrUseLastResponse
+		},
 	}
 	var (
 		err  error