Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: cannot disable plugins in apisix/2.15.1 #8603

Closed
tokers opened this issue Jan 4, 2023 · 3 comments
Closed

bug: cannot disable plugins in apisix/2.15.1 #8603

tokers opened this issue Jan 4, 2023 · 3 comments
Assignees
@spacewander
Labels
bug Something isn't working

Comments

@tokers
Copy link
Contributor

tokers commented Jan 4, 2023

Current Behavior

When using Apache APISIX 2.15.1, users cannot disable a plugin when setting the disable field to true. For instance, a CORS plugin config like the below will still be effective:

{
  "allow_credential": false,
  "allow_headers": "*",
  "allow_origins": "*",
  "expose_headers": "*",
  "allow_methods": "GET",
  "disable": true,
  "max_age": 5
}

This is due to a broken change introduced in APISIX 2.15.1 (see #8162), which causes the original disable field useless, and if you want to disable a plugin, you have to edit a new field _meta.disable.

This is a broken change, and should not be backported to the LTS release directly. The backward compatibility should be kept.

Expected Behavior

The disable field should be in effective in APISIX 2.15.1.

Error Logs

No error logs.

Steps to Reproduce

Create a route with a CORS plugin

curl http://127.0.0.1:9080/apisix/admin/routes -d '{
	"uri": "/get",
	"host": "test.httpbin.org",
	"upstream": {
		"type": "roundrobin",
		"nodes": [
			{"host": "httpbin.org", "port": 80, "weight": 100}
		]
	},
	"plugins": {
		"cors": {
  			"allow_credential": false,
			"allow_headers": "*",
			"allow_origins": "*",
			"expose_headers": "*",
			"allow_methods": "GET",
			"disable": true,
			"max_age": 5
		}
	}
}`

Send a request

curl http://127.0.0.1:9080/get -H 'Host: test.httpbin.org' -H 'Origin: a.com' -v

Response headers will be:

< HTTP/1.1 200 OK
< Content-Type: application/json
< Content-Length: 344
< Connection: keep-alive
< Date: Wed, 04 Jan 2023 03:53:26 GMT
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< Server: APISIX/2.15.1
< Access-Control-Allow-Methods: GET
< Access-Control-Max-Age: 5
< Access-Control-Expose-Headers: *
< Access-Control-Allow-Headers: *

The CORS plugin was diabled, but still, CORS related headers were shown.

Environment

  • APISIX version (run apisix version): `2.15.1
  • Operating system (run uname -a):
  • OpenResty / Nginx version (run openresty -V or nginx -V):
  • etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
  • APISIX Dashboard version, if relevant:
  • Plugin runner version, for issues related to plugin runners:
  • LuaRocks version, for installation issues (run luarocks --version):
@spacewander spacewander self-assigned this Jan 4, 2023
@spacewander spacewander added the bug Something isn't working label Jan 4, 2023
@spacewander
Copy link
Member

I check the commit log and it turns out that this break change is introduced when I solved the merge conflict.
Considering apisix/2.15.1 already contains this break change, we can't simply revert it, otherwise people will suffer a new break change in 2.15.2.

So my idea is to add the old disable feature back in release/2.15 branch, so both ways are supported in 2.15.2, which will be the upcoming release.

@tokers
Copy link
Contributor Author

tokers commented Jan 4, 2023

Agree with this idea. 👍🏻

spacewander added a commit to spacewander/incubator-apisix that referenced this issue Jan 5, 2023
@spacewander
fix: use previous way to disable plugins
ce2816a 
Fix apache#8603
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
@spacewander spacewander mentioned this issue Jan 5, 2023
Merged
5 tasks
spacewander added a commit that referenced this issue Jan 6, 2023
@spacewander
fix: use previous way to disable plugins (#8609)
e1c3008 
Fixes #8603
@Hwting Hwting mentioned this issue Mar 13, 2023
Closed
@lingsamuel
Copy link
Member

I am going to close this since the PR has been merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spacewander spacewander

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@spacewander @tokers @lingsamuel