New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The push command sends a POST request with an empty Content-Type header #41621
Comments
Thanks for reporting; looks like that code is coming from a dependency that we use; the source code for that is coming from the https://github.com/docker/distribution repository. Looking for that line in the code, I see it was originally added in distribution/distribution@ce614b6, which was part of distribution/distribution#387 (https://github.com/docker/distribution/pull/387/files#diff-83220d00e31f5405e8bfa78525b47db3d1cf3c9376da699a84f953ff3a94b882R345) @dmcgowan @tiborvass do you recall if there was a specific reason for this, or was it because no content-type header was expected for this specific request? |
Not intentional, the Go library isn't doing what was expected in this case and just always sets the header even if empty. This could be fixed by replacing |
The fix seems to be easy, should I open a pull request here or in docker/distribution? |
Has the issue been fixed and released to public? I have a similar use case wherein I am trying to push an image through a reverse proxy and noticed that the docker client still sends
Also, I am not really sure if I completely understood what @thaJeztah meant by:
Since it's the docker client that is sending the request with empty header, shouldn't the fix be applied in docker/engine? If someone could provide some information, would be of great help thanks. |
The code was fixed in the "distribution" library (distribution/distribution#3289 / distribution/distribution#3297), but has not yet been included in a release of that library
The bug is in the client library that's maintained in the https://github.com/distribution/distribution repository. The "docker engine" uses that library as a build-time dependency (so the source code for the function in which the bug is, compiled into the docker/engine). This repository has a copy of that code in the "vendor" directory, but we don't make changes to vendored code (otherwise integrity validation would fail);
|
Description
In our company, we have an internal docker registry behind a Web-Application-Firewall that handles the traffic incoming from the outside of our network. We had to analyze why
docker push
fails if a request has to go through the WAF. Quickly we found out that it receives a POST-request (after a HEAD-request) from the docker client and blocks it due to the emptyContent-Type
header.Looks like this request is invoked from repository.go:739
According to the protocol's RFC, if the header is set its value must not be empty:
(otherwise, it would be
1#media-type
for instance, see the conventions for #rule)Hence I think for better compliance with the RFC, it is better to omit Content-Type completely rather than to have it with an empty value If the POST request does not have a body
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
WSL2
The text was updated successfully, but these errors were encountered: