fix: remove cookies when communicating with Harbor

Signed-off-by: Guilhem Barthés <[email protected]>

backend/image_transfer/common.py

@@ -2,6 +2,7 @@
 
 import json
 from enum import Enum
+from http.cookiejar import DefaultCookiePolicy
 from typing import IO
 from typing import Dict
 from typing import Iterator
@@ -156,3 +157,11 @@ def auth(self, dxf: DXFBase, response: requests.Response) -> Optional[str]:
         return dxf.authenticate(
             response=response,
         )
+
+
+# Remove all cookies, otherwise Harbor will send CSRF cookies, which does not make sense for API requests
+class DXFBaseNoCookies(DXFBase):
+    def __enter__(self: "DXFBaseNoCookies") -> "DXFBaseNoCookies":
+        super().__enter__()
+        self._sessions[0].cookies.set_policy(DefaultCookiePolicy(allowed_domains=[]))
+        return self

backend/image_transfer/decoder.py

@@ -16,6 +16,7 @@
 from image_transfer.common import Blob
 from image_transfer.common import BlobLocationInRegistry
 from image_transfer.common import BlobPathInZip
+from image_transfer.common import DXFBaseNoCookies
 from image_transfer.common import Manifest
 from image_transfer.common import PayloadDescriptor
 from image_transfer.common import PayloadSide
@@ -59,7 +60,7 @@ def push_payload(
     """
     authenticator = Authenticator()
 
-    with DXFBase(host=registry, auth=authenticator.auth, insecure=not secure) as dxf_base:
+    with DXFBaseNoCookies(host=registry, auth=authenticator.auth, insecure=not secure) as dxf_base:
         with safezip.ZipFile(zip_file, "r") as zip_file:
             return list(
                 load_zip_images_in_registry(dxf_base=dxf_base, zip_file=zip_file, repository=repository, strict=strict)