OCPBUGS-52835: Fix incorrect auth token cookie for metrics requests

TheRealJon · TheRealJon · commit c9a520456bf3 · 2025-05-05T17:16:14.000-04:00
diff --git a/pkg/metrics/handler.go b/pkg/metrics/handler.go
@@ -1,14 +1,18 @@
 package metrics
 
-import "net/http"
+import (
+	"net/http"
+	"strings"
+)
 
 func AddHeaderAsCookieMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		// Requests from prometheus-k8s have the access token in headers instead of cookies.
 		// This allows metric requests with proper tokens in either headers or cookies.
 		if r.URL.Path == "/metrics" {
 			openshiftSessionCookieName := "openshift-session-token"
-			openshiftSessionCookieValue := r.Header.Get("Authorization") // FIXME: in OIDC setup, this actually ends up checking the token "Bearer <jwt>" to the underlying auth layer - instead of `<jwt>`.
+			openshiftSessionCookieValue := r.Header.Get("Authorization")
+			openshiftSessionCookieValue = strings.TrimPrefix(openshiftSessionCookieValue, "Bearer ")
 			r.AddCookie(&http.Cookie{Name: openshiftSessionCookieName, Value: openshiftSessionCookieValue})
 		}
 		next.ServeHTTP(w, r)
