Adjust forward auth to avoid connection leak #10096
Merged
What does this PR do?
This MR provides a minor bug fix for the forward auth middleware implementation.
During the sub-request of the forward auth process, if an error happens on io.ReadAll(forwardResponse.Body), the current implementation won't close the body, the underlying HTTP connection cannot be reused for the next request, and this results in a connection leak in an HTTP 1.1 environment.
The only change in this MR is to register the defer statement earlier, covering all possible execution paths.
Although it's unlikely for a working connection to return an error on body read, it's still a good practice to defer body.Close() immediately after client.Do if it does not return an error.
See also:
net/http document: https://pkg.go.dev/net/http
persistConn and bodyEOFSignal implementation: https://github.com/golang/go/blob/master/src/net/http/transport.go
Motivation
It's not a serious bug, just nitpicking some implementation details. :D
More
Additional Notes
I grepped the code base for client.Do usage; another issue I found is in integration/try/try.go. Since that package is only used in tests, it should be OK to keep it untouched. :D
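The two defer positions discussed in the description, compared in an added Go example that is not code from this pull request or the project. A constructed body whose Read always fails stands in for the failing io.ReadAll; failingBody, stubTransport, subRequest and the auth.invalid URL are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
)

// failingBody is a constructed response body: every Read fails, Close is recorded.
type failingBody struct{ closed bool }
func (b *failingBody) Read([]byte) (int, error) { return 0, errors.New("constructed read error") }
func (b *failingBody) Close() error             { b.closed = true; return nil }

// stubTransport (hypothetical) answers every request with that body; no network is used.
type stubTransport struct{ body *failingBody }
func (t stubTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	return &http.Response{StatusCode: http.StatusOK, Body: t.body, Request: r}, nil
}

// subRequest reports whether the body was closed; deferEarly selects where Close is deferred.
func subRequest(deferEarly bool) (bool, error) {
	body := &failingBody{}
	client := &http.Client{Transport: stubTransport{body}}
	err := func() error {
		req, err := http.NewRequest(http.MethodGet, "http://auth.invalid/verify", nil)
		if err != nil {
			return err
		}
		resp, err := client.Do(req)
		if err != nil {
			return err
		}
		if deferEarly {
			defer resp.Body.Close() // right after Do: covers every return below
		}
		if _, err := io.ReadAll(resp.Body); err != nil {
			return err // with the late ordering the body is still open here
		}
		defer resp.Body.Close() // late position: only reached when ReadAll succeeded
		return nil
	}()
	return body.closed, err
}

func main() {
	late, _ := subRequest(false)
	early, _ := subRequest(true)
	fmt.Println("closed with late defer:", late, "/ closed right after Do:", early)
}
```

With a real transport, the unclosed body in the late case is what keeps the underlying connection from being returned to the pool.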