Fix a potential race condition with agent credentials. #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When the agent sends a request to the proxy server, it includes an OAuth access token in the 'Authorization' header to identify itself. Previously, that token was being generated as soon as the agent had a request to forward to the backend server. However, that token was only guaranteed to be valid for 10 seconds, and the backend server could take longer than that to respond. This allowed a scenario where the OAuth access token would expire between the time the request to the proxy was generated and the time when it was actually sent to the proxy server. This commit fixes that issue by delaying the proxy request round trip until we know that the request has enough data to be sent to the proxy server. This amounts to the response from the backend server either having some of its body written (for a non-empty backend response), or the response being finished (for an empty backend response).
chmeyers
approved these changes
Sep 2, 2017
jimmc
approved these changes
Sep 2, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When the agent sends a request to the proxy server, it includes an
OAuth access token in the 'Authorization' header to identify itself.
Previously, that token was being generated as soon as the agent had
a request to forward to the backend server. However, that token was
only guaranteed to be valid for 10 seconds, and the backend server
could take longer than that to respond.
This allowed a scenario where the OAuth access token would expire
between the time the request to the proxy was generated and the
time when it was actually sent to the proxy server.
This commit fixes that issue by delaying the proxy request round
trip until we know that the request has enough data to be sent
to the proxy server. This amounts to the response from the backend
server either having some of its body written (for a non-empty
backend response), or the response being finished (for an empty
backend response).