What The operator adds and updates annotations on builds. These annotations include external links which the proxy will attempt to stream from. Because the user will be guided to these links via the ui, we should ensure we are not being proxied off to a potentially malicious site if someone has managed to modify the build object. How At deployment time, we inject the build server address into the operator which it gets deployed with. When a http request hits the proxy api, we should verify that the address we intend to route the request too, matches the one we know about in our environment. |
