From 9601b3ed0f4f2d0e42859efa03c8a4b903a1022d Mon Sep 17 00:00:00 2001
From: Jean-Louis Leysens <jloleysens@gmail.com>
Date: Mon, 15 Jun 2020 16:54:30 +0200
Subject: [PATCH] [Console] Scrub the lead and trailing brackets from ipv6 host
 names (#68991) (#69150)

* scrub the lead and trailing brackets from ipv6 host names

* Update comment

* refactor: scrub -> sanitize

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 src/plugins/console/server/lib/proxy_request.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/plugins/console/server/lib/proxy_request.ts b/src/plugins/console/server/lib/proxy_request.ts
index 4c6c7c21f32a49..fb07b7c49a0038 100644
--- a/src/plugins/console/server/lib/proxy_request.ts
+++ b/src/plugins/console/server/lib/proxy_request.ts
@@ -34,6 +34,13 @@ interface Args {
   rejectUnauthorized?: boolean;
 }
 
+/**
+ * Node http request library does not expect there to be trailing "[" or "]"
+ * characters in ipv6 host names.
+ */
+const sanitizeHostname = (hostName: string): string =>
+  hostName.trim().replace(/^\[/, '').replace(/\]$/, '');
+
 // We use a modified version of Hapi's Wreck because Hapi, Axios, and Superagent don't support GET requests
 // with bodies, but ES APIs do. Similarly with DELETE requests with bodies. Another library, `request`
 // diverged too much from current behaviour.
@@ -67,7 +74,7 @@ export const proxyRequest = ({
     method: method.toUpperCase(),
     // We support overriding this on a per request basis to support legacy proxy config. See ./proxy_config.
     rejectUnauthorized: typeof rejectUnauthorized === 'boolean' ? rejectUnauthorized : undefined,
-    host: hostname,
+    host: sanitizeHostname(hostname),
     port: port === '' ? undefined : parseInt(port, 10),
     protocol,
     path: `${pathname}${search || ''}`,