Skip to content

v0.11.103

Choose a tag to compare

View all tags
@zalando-robot zalando-robot released this 02 Jun 13:32
v0.11.103
d1457a3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Changes

Deduplicate OIDC cookies (#1433)
For each ingress Skipper will hash a new cookie. If several ingresses for the same domain are defined,
either by several hosts or sub-paths, it will accumulate cookies on the client browser which can lead to side effects like header limits exceeded or heavy request payloads.
There might be better approaches to tackle this issue by specifying the actual path of its ingress on the cookie,
however this information is apparently not available at the filter level for now.
This simple approach removes the RedirectURL out of the hashing, which keeps the idP, client-ID, client-secret, scopes,
claims and optional parameters as a sufficient source of integrity signature.
It will allow Skipper to reuse the cookie where applicable and deduplicate where avoidable.

Docker image

Docker image is available in Zalando's Open Source registry:

docker run -it registry.opensource.zalan.do/pathfinder/skipper:v0.11.103 skipper --help
# arm64
docker run -it registry.opensource.zalan.do/pathfinder/skipper-arm64:v0.11.103 skipper --help
# arm v7 32bit
docker run -it registry.opensource.zalan.do/pathfinder/skipper-armv7:v0.11.103 skipper --help
Assets 8
Loading