fix!: removed second auth header #6
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR removes the deprecated second auth header usage and related endpoints in favor of the standard "Authorization" header, reducing the risk of secret leakage. Key changes include:
- Removal of endpoints handling MCP authorization and the associated files (handlerWellKnownKubeconfig.go, handlerBtpSO.go).
- Updating of handler logic in mainHandler.go and _categoryHandler to exclusively use the "Authorization" header.
- Elimination of JSONPath handling in favor of solely supporting JQ in response processing.
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| internal/server/server.go | Removed routes for "/.well-known/openmcp/kubeconfig" and "/btp-so" endpoints |
| internal/server/handlerWellKnownKubeconfig.go | Removed the entire file as it relates to the deprecated auth header handling |
| internal/server/handlerMain.go | Updated auth header usage; removed fields and logic related to secondary and JSONPath support |
| internal/server/handlerCategory.go | Updated auth header usage and removed JSONPath-based logic in favor of JQ support |
| internal/server/handlerBtpSO.go | Removed the entire file to deprecate the old auth handling mechanism |
Comments suppressed due to low confidence (3)
internal/server/server.go:15
- Since the routes '/.well-known/openmcp/kubeconfig' and '/btp-so' are removed, please update any corresponding API documentation or changelogs to reflect these endpoint removals.
mux.HandleFunc("/.well-known/openmcp/kubeconfig", defaultHandler(shared, wellKnownKubeconfigHandler))
internal/server/handlerMain.go:125
- The removal of the JSONPath branch in favor of solely using JQ may impact clients that rely on JSONPath processing. If JSONPath support is no longer required, please ensure this change is communicated and tested accordingly.
if (data.JQ == "") || k8sResp.StatusCode >= 400 {
internal/server/handlerCategory.go:110
- The JSONPath branch has been removed in _categoryHandler, which may affect clients expecting JSONPath support. Confirm that this change aligns with the overall API design and that clients have been notified of the adjustment.
if data.JQ != "" {
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Builds on: #4
This PR removes the MCPAuthorization header in favor of just using one auth header, the
Authorization.This follows best practices and reduces the risk of secret leakage, as the
Authorizationheader is the pre defined http default header for tokens and authorization information and is respected in reverse proxies etc.