remove support for setting CORS headers (deprecated)

thaJeztah · thaJeztah · commit ae96ce866f4b · 2024-07-22T21:29:44.000+02:00
Configuring CORS headers was deprecated in docker 27.0 through 7ea9acc, which disabled them by default with a temporary `DOCKERD_DEPRECATED_CORS_HEADER` env-var to allow using the option. This patch removes the feature altogether; the flag is kept for one more release to allow printing a more informative error, but can be removed in the next release. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
diff --git a/api/server/middleware/cors.go b/api/server/middleware/cors.go
diff --git a/cmd/dockerd/config.go b/cmd/dockerd/config.go
@@ -75,7 +75,8 @@ func installCommonConfigFlags(conf *config.Config, flags *pflag.FlagSet) {
 
 	// Deprecated flags / options
 
-	flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API; deprecated, and will be removed in the next release")
+	// TODO(thaJeztah): option is used to produce error when used; remove in next release
+	flags.StringVar(&conf.CorsHeaders, "api-cors-header", "", "Set CORS headers in the Engine API; deprecated: this feature was deprecated in 27.0, and now removed")
 	_ = flags.MarkDeprecated("api-cors-header", "accessing Docker API through a browser is insecure; use a reverse proxy if you need CORS headers")
 	flags.BoolVarP(&conf.AutoRestart, "restart", "r", true, "--restart on the daemon has been deprecated in favor of --restart policies on docker run")
 	_ = flags.MarkDeprecated("restart", "Please use a restart policy on docker run")
diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go
@@ -735,7 +735,7 @@ func (opts routerOptions) Build() []router.Router {
 	return routers
 }
 
-func initMiddlewares(ctx context.Context, s *apiserver.Server, cfg *config.Config, pluginStore plugingetter.PluginGetter) (*authorization.Middleware, error) {
+func initMiddlewares(_ context.Context, s *apiserver.Server, cfg *config.Config, pluginStore plugingetter.PluginGetter) (*authorization.Middleware, error) {
 	exp := middleware.NewExperimentalMiddleware(cfg.Experimental)
 	s.UseMiddleware(exp)
 
@@ -745,12 +745,6 @@ func initMiddlewares(ctx context.Context, s *apiserver.Server, cfg *config.Confi
 	}
 	s.UseMiddleware(*vm)
 
-	if cfg.CorsHeaders != "" && os.Getenv("DOCKERD_DEPRECATED_CORS_HEADER") != "" {
-		log.G(ctx).Warn(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option will be removed in the next release. Use a reverse proxy if you need CORS headers.`)
-		c := middleware.NewCORSMiddleware(cfg.CorsHeaders) //nolint:staticcheck // ignore SA1019 (NewCORSMiddleware is deprecated); will be removed in the next release.
-		s.UseMiddleware(c)
-	}
-
 	authzMiddleware := authorization.NewMiddleware(cfg.AuthorizationPlugins, pluginStore)
 	s.UseMiddleware(authzMiddleware)
 	return authzMiddleware, nil
diff --git a/daemon/config/config.go b/daemon/config/config.go
@@ -160,7 +160,7 @@ type CommonConfig struct {
 	Root                  string   `json:"data-root,omitempty"`
 	ExecRoot              string   `json:"exec-root,omitempty"`
 	SocketGroup           string   `json:"group,omitempty"`
-	CorsHeaders           string   `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release.
+	CorsHeaders           string   `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release. // TODO(thaJeztah): option is used to produce error when used; remove in next release
 
 	// Proxies holds the proxies that are configured for the daemon.
 	Proxies `json:"proxies"`
@@ -683,6 +683,11 @@ func Validate(config *Config) error {
 		}
 	}
 
+	if config.CorsHeaders != "" {
+		// TODO(thaJeztah): option is used to produce error when used; remove in next release
+		return errors.New(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option have been removed; use a reverse proxy if you need CORS headers`)
+	}
+
 	// validate platform-specific settings
 	return config.ValidatePlatformConfig()
 }

Original file line number	Diff line number	Diff line change
`@@ -160,7 +160,7 @@ type CommonConfig struct {`
`160`	`160`	Root string `json:"data-root,omitempty"`
`161`	`161`	ExecRoot string `json:"exec-root,omitempty"`
`162`	`162`	SocketGroup string `json:"group,omitempty"`
`163`		- CorsHeaders string `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release.
	`163`	+ CorsHeaders string `json:"api-cors-header,omitempty"` // Deprecated: CORS headers should not be set on the API. This feature will be removed in the next release. // TODO(thaJeztah): option is used to produce error when used; remove in next release
`164`	`164`
`165`	`165`	`// Proxies holds the proxies that are configured for the daemon.`
`166`	`166`	Proxies `json:"proxies"`
`@@ -683,6 +683,11 @@ func Validate(config *Config) error {`
`683`	`683`	`}`
`684`	`684`	`}`
`685`	`685`
	`686`	`+ if config.CorsHeaders != "" {`
	`687`	`+ // TODO(thaJeztah): option is used to produce error when used; remove in next release`
	`688`	+ return errors.New(`DEPRECATED: The "api-cors-header" config parameter and the dockerd "--api-cors-header" option have been removed; use a reverse proxy if you need CORS headers`)
	`689`	`+ }`
	`690`	`+`
`686`	`691`	`// validate platform-specific settings`
`687`	`692`	`return config.ValidatePlatformConfig()`
`688`	`693`	`}`