Skip to content

Fix Missing x-amz-content-sha256 #127

Open
AinzRimuru wants to merge 3 commits intocmliu:mainfrom
AinzRimuru:main
Open

Fix Missing x-amz-content-sha256 #127
AinzRimuru wants to merge 3 commits intocmliu:mainfrom
AinzRimuru:main

Conversation

@AinzRimuru
Copy link
Copy Markdown
Contributor

@AinzRimuru AinzRimuru commented Sep 9, 2025

Testing with the same image, the currently public deployed version cannot be pulled, but the modified version works fine.

@AinzRimuru
Copy link
Copy Markdown
Contributor Author

AinzRimuru commented Sep 9, 2025

#123

@AinzRimuru
Copy link
Copy Markdown
Contributor Author

AinzRimuru commented Sep 9, 2025

Acknowledgment https://linux.do/t/topic/436134

@AinzRimuru
Copy link
Copy Markdown
Contributor Author

AinzRimuru commented Nov 4, 2025

Continue fixing the issue of this site being unable to be added to Harbor.

@cmliu cmliu requested a review from Copilot November 24, 2025 05:18
Copilot AI reviewed Nov 24, 2025
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR attempts to fix a missing x-amz-content-sha256 header issue that prevented Docker image pulls from working. The fix changes the header construction approach from explicitly setting selected headers to copying all headers from the incoming request.

Key Changes:

  • Replaced manual header construction with new Headers(request.headers) to copy all request headers
  • Removed explicit header assignments for User-Agent, Accept, Accept-Language, Accept-Encoding, Connection, and Cache-Control
  • Removed explicit Host header assignment (previously set to hub_host)

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread _worker.js
},
headers: new Headers(request.headers),
cacheTtl: 3600 // 缓存时间
};
Copy link

Copilot AI Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Host header conflict will cause request failures. By copying all headers from the original request (line 593), the Host header will point to the worker's domain (e.g., your-worker.workers.dev), not the target registry domain (hub_host like registry-1.docker.io). This mismatch will cause the upstream registry to reject requests. The original code explicitly set 'Host': hub_host to ensure the correct target host. After copying headers, explicitly override the Host header: parameter.headers.set('Host', hub_host);

Suggested change
};
};
// Ensure Host header is set to the upstream registry
parameter.headers.set('Host', hub_host);

Copilot uses AI. Check for mistakes.
Comment thread _worker.js
'Connection': 'keep-alive',
'Cache-Control': 'max-age=0'
},
headers: new Headers(request.headers),
Copy link

Copilot AI Nov 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security concern: Copying all request headers without filtering may forward sensitive headers that should not be passed to the upstream registry. Headers like Cookie, CF-* (Cloudflare headers), X-Forwarded-*, X-Real-IP, and other client-specific or infrastructure headers could be inappropriately forwarded. Additionally, the original Host header from the client request will not match the target hub_host, which could cause request routing issues. Consider explicitly setting only the required headers or filtering out sensitive/infrastructure headers after copying.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AinzRimuru