kubernetes/pkg/kubelet/server
Kubernetes Submit Queue 4ac5f278c5 Merge pull request #38742 from timstclair/cri-exec-long
Automatic merge from submit-queue

[CRI] Don't include user data in CRI streaming redirect URLs

Fixes: https://github.com/kubernetes/kubernetes/issues/36187

Avoid userdata in the redirect URLs by caching the {Exec,Attach,PortForward}Requests with a unique token. When the redirect URL is created, the token is substituted for the request params. When the streaming server receives the token request, the token is used to fetch the actual request parameters out of the cache.

For additional security, the token is generated using the secure random function, is single use (i.e. the first request with the token consumes it), and has a short expiration time.

/cc @kubernetes/sig-node
2017-01-11 17:16:07 -08:00
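The mechanism the commit message describes (random token, single use, short expiry), as an added example that is not the Kubernetes implementation. The names `tokenCache`, `entry`, `Insert` and `Consume`, the 128-bit hex token, the one-minute TTL and the string stand-in for the request are all assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

type entry struct{ req string; expires time.Time } // req: constructed stand-in
// tokenCache (hypothetical name) maps one-time tokens to cached requests.
type tokenCache struct {
	mu      sync.Mutex
	ttl     time.Duration
	entries map[string]entry
}

// Insert caches req and returns the random token that replaces it in the URL.
func (c *tokenCache) Insert(req string) (string, error) {
	b := make([]byte, 16) // 128 bits from the OS CSPRNG
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[tok] = entry{req, time.Now().Add(c.ttl)}
	return tok, nil
}

// Consume removes the token on first lookup, then rejects it if expired.
func (c *tokenCache) Consume(tok string) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	e, ok := c.entries[tok]
	delete(c.entries, tok)
	if !ok || !time.Now().Before(e.expires) {
		return "", fmt.Errorf("unknown, used or expired token")
	}
	return e.req, nil
}

func main() {
	c := &tokenCache{ttl: time.Minute, entries: map[string]entry{}}
	tok, _ := c.Insert("container=c1&cmd=sh") // constructed sample request
	fmt.Println(c.Consume(tok))               // first use returns the request
	fmt.Println(c.Consume(tok))               // replay of the same token fails
}
```

Deleting the entry before the expiry check means an expired token is also removed on its first presentation, so stale entries do not linger after a lookup.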