From 1d0c61a6da8e9f3a03d05842018ca5c09c67ca11 Mon Sep 17 00:00:00 2001
From: Daniel Jiang
Date: Fri, 27 Dec 2019 14:01:40 +0800
Subject: [PATCH] Disable XSRF check for /service/token

This commit disables XSRF check for "service/token" so that when containerd sends `POST` it will not return 403 and containerd can fallback to `GET` to complete the workflow.

Fixes #10305

Signed-off-by: Daniel Jiang
---
 src/core/service/token/token.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/core/service/token/token.go b/src/core/service/token/token.go
index e378363ee..571205bdf 100644
--- a/src/core/service/token/token.go
+++ b/src/core/service/token/token.go
@@ -27,6 +27,13 @@ type Handler struct {
 beego.Controller
 }
 
+// Prepare disables xsrf for /service/token endpoint.
+// This is done on purpose b/c containerd will try to send POST and fallback to GET
+// more details see #10305
+func (h *Handler) Prepare() {
+ h.EnableXSRF = false
+}
+
 // Get handles GET request, it checks the http header for user credentials
 // and parse service and scope based on docker registry v2 standard,
 // checks the permission against local DB and generates jwt token.
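Review bot: `Prepare` sets `h.EnableXSRF = false` for every request method on `Handler`, so its comment should record why that is safe and what has to stay true, not only why containerd needed it. The doc comment on `Get` says credentials are read from the HTTP header; if that is the only accepted authentication (no session cookie), state it, e.g. `// XSRF is off for all methods on this handler; safe only while the endpoint authenticates from request headers and defines no state-changing POST.` Only `Get` is visible here and its body lies outside the hunk, so a POST presumably ends in the embedded controller's default response rather than in handler code; a test pinning that status would catch a later `Post` method landing on this handler without XSRF protection. `more details see #10305` would also be easier to follow as a full issue URL.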