57e6899d86
Annotations: Fix log format. ( #13998 )
2025-09-30 08:36:17 -07:00
2fb7fd2e5c
Annotations/AuthTLS: Allow named redirects. ( #13752 )
...
Signed-off-by: Dean Coakley <dean.s.coakley@gmail.com>
2025-08-25 02:01:09 -07:00
da24841bc9
Config/Annotations: Remove `proxy-busy-buffers-size` default value. ( #13780 )
2025-08-18 06:39:12 -07:00
cca7690f31
Security: Harden socket creation and validate error code input. ( #13765 )
2025-08-16 22:54:57 +02:00
4e1b438988
Docs: Use HTTPS for NGINX links. ( #13653 )
...
Co-authored-by: marcel2012 <13705842+marcel2012@users.noreply.github.com>
2025-07-23 01:44:27 -07:00
75a590772c
Config/Annotations: Fix `proxy-busy-buffers-size`. ( #13610 )
2025-07-18 09:56:26 -07:00
cbf5f27508
Docs: Fix function names in comments. ( #13517 )
...
Signed-off-by: cuithon <dscs@outlook.com>
2025-06-15 22:32:58 -07:00
8c1ecd7655
Annotations: Allow ciphers with underscores. ( #13110 )
2025-04-01 07:14:41 -07:00
cfe3923bd6
Controller: Several security fixes. ( #13068 )
...
Co-authored-by: Tabitha Sable <tabitha.c.sable@gmail.com>
2025-03-24 16:04:38 -07:00
07a1133585
Go: Bump to v1.24.1. ( #12935 )
2025-03-05 06:35:45 -08:00
68a35a8a12
Go: Replace `golang.org/x/exp/slices` with `slices`. ( #12779 )
...
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2025-02-03 05:26:57 -08:00
698c3c0df1
Annotations: Deny newlines. ( #12640 )
2025-01-10 15:24:31 -08:00
29d1e2014b
Annotations: Reload on custom header changes. ( #11709 )
2025-01-09 12:36:31 -08:00
d1dc3e827f
Config/Annotations: Add `proxy-busy-buffers-size`. ( #12433 )
2024-12-05 18:10:00 +00:00
0a927b65af
Allow CORS `Access-Control-Allow-Origin: null` ( #12402 )
2024-11-24 17:32:55 +00:00
698960e9b7
Config/Annotations: Add `relative-redirects`. ( #12161 )
2024-11-13 21:02:48 +00:00
7f0350b4b3
Auth TLS: Add `_` to redirect RegEx. ( #12325 )
2024-11-07 20:32:44 +00:00
ca81d5bcdd
Auth TLS: Improve redirect RegEx. ( #12249 )
2024-11-07 00:19:29 +00:00
4f23049374
Fix minor typos ( #11935 )
2024-09-06 15:59:43 +01:00
2cec24143d
Allow any protocol for cors origins ( #11153 )
...
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
2024-08-31 16:26:45 +01:00
d4c49112a4
Annotations: Allow commas in URLs. ( #11882 )
...
Signed-off-by: James Strong <strong.james.e@gmail.com>
2024-08-26 23:39:30 +02:00
21cd966d1c
Remove global-rate-limit feature ( #11851 )
2024-08-25 21:03:29 +01:00
24450ea509
Add custom code handling for temporal redirect ( #10651 )
...
Co-authored-by: Ricardo Katz <rikatz@users.noreply.github.com>
2024-08-23 21:10:20 +01:00
cf8e374290
Auto-generate annotation docs ( #11820 )
2024-08-18 16:13:18 -07:00
1a13bf5c0d
Missing anchors in regular expression. ( #11717 )
...
Co-authored-by: André Storfjord Kristiansen <33384479+dev-bio@users.noreply.github.com>
2024-08-01 15:56:56 -07:00
e1d81b7818
Docs: Clarify `from-to-www` redirect direction. ( #11682 )
...
* docs: Clarify from-to-www redirect direction.
This was not clear to me when reading the docs whether the ingress will
redirect from non-www to with-www or the reverse. It's also not very
clear from just grepping around the codebase. I found the answer by
reading from this reddit link:
https://www.reddit.com/r/kubernetes/comments/pbl033/k8s_ingress_redirecting_www_to_nonwww_domains/
So, to save time for other people doing the same, which I assumes is a
lot of people since it's a common scenario, this little revision in the
docs is warranted.
* Docs: Implement suggestion.
---------
Co-authored-by: Marco Ebert <marco_ebert@icloud.com>
2024-07-29 01:28:45 -07:00
bcb98c0c8d
fix: Ensure changes in MatchCN annotation are detected ( #11173 )
2024-07-01 13:48:24 -07:00
5639979cb5
removed tlsv1 & tlsv1.1 ( #11343 )
2024-05-28 11:37:30 -07:00
7379b80459
Fix function name in comment ( #11296 )
...
Signed-off-by: cuiyourong <cuiyourong@gmail.com>
2024-04-23 04:27:06 -07:00
1f4ee0e235
feat: add annotation to allow to add custom response headers ( #9742 )
...
* add custom headers
Signed-off-by: Christian Groschupp <christian@groschupp.org>
* add tests
Signed-off-by: Christian Groschupp <christian@groschupp.org>
* add docs
* update copyright
* change comments
* add e2e test customheaders
* add custom headers validation
* remove escapeLiteralDollar filter
* validate value in custom headers
* add regex for header value
* fix annotation test
* Revert "remove escapeLiteralDollar filter"
This reverts commit ab48392b60dee4ce146a4c17e046849f9633c7fb.
* add annotationConfig
* fix test
* fix golangci-lint findings
* fix: add missung exp module
---------
Signed-off-by: Christian Groschupp <christian@groschupp.org>
2024-04-09 03:25:22 -07:00
12fbe9b163
golangci-lint update, ci cleanup, group dependabot updates ( #11071 )
...
* bump golangci-lint to v1.56.x
Signed-off-by: cpanato <ctadeu@gmail.com>
* cleanup empty lines
Signed-off-by: cpanato <ctadeu@gmail.com>
* group dependabot updates
Signed-off-by: cpanato <ctadeu@gmail.com>
* run on job changes as well
Signed-off-by: cpanato <ctadeu@gmail.com>
* remove deprecated checks
Signed-off-by: cpanato <ctadeu@gmail.com>
* fix lints and format
Signed-off-by: cpanato <ctadeu@gmail.com>
---------
Signed-off-by: cpanato <ctadeu@gmail.com>
2024-03-07 02:39:53 -08:00
fa0bf81984
Bump go libraries ( #11023 )
...
* Bump go libraries
* Fix update codegen execution
* Fix errors on klog
* Fix gzip test
* Bump libraries on webhook certgen
* Fix webhook-certgen compilation
2024-02-27 09:52:42 -08:00
1bc745619d
Include SECLEVEL and STRENGTH as part of ssl-cipher list validation ( #10754 )
2024-01-05 15:50:34 +01:00
05d68a1512
annotation validation: validate regex in common name annotation ( #10657 )
...
* fix common name validation
* add tests
2024-01-04 15:56:57 +01:00
6807537a70
upgrade go 1.21.5 ( #10732 )
...
* upgrade go 1.21.5
Signed-off-by: James Strong <strong.james.e@gmail.com>
* update golang gha
Signed-off-by: James Strong <strong.james.e@gmail.com>
* supgrade golang lint ci to v1.55.2
* sfix all golang lint ci errors
* sget a nginx build as well
* srevert some e2e changes
* srevert some e2e changes
---------
Signed-off-by: James Strong <strong.james.e@gmail.com>
2023-12-08 01:52:14 +01:00
ad406b64d8
Add override for proxy_intercept_errors when using Custom HTTP Errors ( #9497 )
...
* added proxy-intercept-errors config option
* fixed error when comparing locations
* fixed missing location config from annotation
added e2e test
* reversed logic for proxy-intercept-errors to disable-proxy-intercept-errors
* reversed logic to disable-proxy-intercept-errors
* reversed logic
* default has to be false
* put comment in same line as return
* run gofmt
* fixing wrong Boilerplate header
* updated code to new IngressAnnotation interface
* fixes to satisfy PR comments
* synced with upstream; fixed typo
* gofumpt disableproxyintercepterrors.go
* gofumpt
2023-11-17 05:43:54 +01:00
e0446d7554
annotation validation - extended URLWithNginxVariableRegex from alphaNumericChars to extendedAlphaNumeric ( #10652 )
2023-11-15 17:40:00 +01:00
da51393cac
fix(cors): ensure trailing comma treated as empty value to be ignored ( #10616 )
...
* fix(cors): ensure trailing comma treated as empty value to be ignored
Signed-off-by: Ardika Bagus <me@ardikabs.com>
* test(cors): add e2e test
Signed-off-by: Ardika Bagus <me@ardikabs.com>
---------
Signed-off-by: Ardika Bagus <me@ardikabs.com>
2023-11-07 19:02:48 +01:00
30820a5acc
Deprecate opentracing ( #10615 )
2023-11-05 01:58:35 +01:00
13d95d026a
fix: adjust unfulfillable validation check for session-cookie-samesite annotation ( #10600 )
2023-11-01 23:09:00 +01:00
9cdd51d5dc
fix: Validate x-forwarded-prefix annotation with RegexPathWithCapture ( #10598 )
2023-11-01 23:08:51 +01:00
a879829408
Fix fcgi configmap value parsing ( #10528 )
2023-10-17 01:10:16 +02:00
8b53cabe03
Bump curl and Go version ( #10503 )
...
* Bump curl and Go version
* Add NGINX BAse image scanning
* Try again
2023-10-11 16:16:11 +02:00
cf889c6c47
Disable user snippets per default ( #10393 )
...
* Disable user snippets per default
* Enable snippet on tests
2023-09-10 20:02:10 -07:00
b3060bfbd0
Fix golangci-lint errors ( #10196 )
...
* Fix golangci-lint errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix dupl errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix comments
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix errcheck lint errors
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix assert in e2e test
Signed-off-by: z1cheng <imchench@gmail.com>
* Not interrupt the waitForPodsReady
Signed-off-by: z1cheng <imchench@gmail.com>
* Replace string with constant
Signed-off-by: z1cheng <imchench@gmail.com>
* Fix comments
Signed-off-by: z1cheng <imchench@gmail.com>
* Revert write file permision
Signed-off-by: z1cheng <imchench@gmail.com>
---------
Signed-off-by: z1cheng <imchench@gmail.com>
2023-08-31 00:36:48 -07:00
5d8185c9d7
Handle request_id variable correctly in auth requests ( #9219 )
...
* Handle $request_id variable correctly in auth requests
* Make share_all_vars configurable
* Fix test name
2023-08-07 06:16:32 -07:00
c5f348ea2e
Implement annotation validation ( #9673 )
...
* Add validation to all annotations
* Add annotation validation for fcgi
* Fix reviews and fcgi e2e
* Add flag to disable cross namespace validation
* Add risk, flag for validation, tests
* Add missing formating
* Enable validation by default on tests
* Test validation flag
* remove ajp from list
* Finalize validation changes
* Add validations to CI
* Update helm docs
* Fix code review
* Use a better name for annotation risk
2023-07-21 20:32:07 -07:00
ebb6314494
Deprecate and remove AJP support ( #10158 )
2023-07-02 02:26:49 -07:00
cccba35005
Revert "Remove fastcgi feature" ( #10081 )
...
* Revert "Remove fastcgi feature (#9864 )"
This reverts commit 90ed0ccdbe
2023-06-13 12:55:59 -07:00
90ed0ccdbe
Remove fastcgi feature ( #9864 )
2023-06-11 13:33:47 -07:00
Myst
Dean Coakley
Marco Ebert
Michael
Marcel
pando85
cuithon
steve21168
Eng Zer Jun
James Strong
Jurgen Goelen
Boris Kreitchman
Elizabeth Martin Campos
chriss-de
Nathan Baulch
Adam Sunderland
Ricardo Katz
lou-lan
Jintao Zhang
Chakrit Wichian
wdullaer
Long Wu Yuan
cuiyourong
Christian Groschupp
Carlos Tadeu Panato Junior
kbweave
Philipp Sauter
Filip Havlíček
Ardika Bagus S
Simon Wessel
Matt Dainty
Chen Chen
Gabor Lekeny