fix: add post request headers only if auth request method is post #11021
Should the Transfer-Encoding header be removed? If APISIX is trying to just pass through the bytes of the request body, we'll need to send the Transfer-Encoding header to make sure the auth server knows how to interpret the bytes.
Hi, could you also handle this case and add test cases?
@BrandonArp My initial reading about the transfer encoding was that it's set in responses rather than requests; further research suggests it can be used in both requests and responses. I'll add back the header. Do you think we need to add the Content-Encoding header as well? The auth server should also know if the content is encoded.
Hello abhishek. I have submitted a PR regarding your issue, and I hope it can be of help to you. At the same time, I would greatly appreciate your assistance in reviewing and finalizing the test cases.
Content-Encoding should be added at some point. I'm not very familiar with the APISIX architecture, so I don't know if it would be added somewhere else. If this is the only place we're adding headers, then yes, it should be added. Otherwise the auth server won't know how to interpret the body.
Thanks @BrandonArp. Let me know one of the contributor. @shreemaan-abhishek Can you help with the Content-Encoding header? I think it's required by the auth server if it's present in the request.
The Content-Encoding header should also be passed. Also, test cases should be added to support this PR.
Apologies for the delay, will add the test cases over the weekend (24th March).
@shreemaan-abhishek @BrandonArp Added the test cases, please review.
@shreemaan-abhishek @BrandonArp Can you please give approval for workflows to run?
} | ||
|
||
if conf.request_method == "POST" then | ||
auth_headers["Content-Length"] = core.request.header(ctx, "content-length") |
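Review bot: the `if conf.request_method == "POST"` branch shown here sets only `auth_headers["Content-Length"]`, so a client body sent with chunked transfer encoding (which carries no Content-Length) would reach the auth server with no framing header from this branch. Consider copying Transfer-Encoding and Content-Encoding in the same branch, as raised in the conversation, and add a test where the client request is POST and the auth `request_method` is GET that asserts none of these body headers are sent to the auth server.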
For HTTP requests, if the request header contains the ["Content-Length"] field, the request body should be included.
So I think this request header should not be included.
@membphis If the auth server request_method is POST, the same upstream body is being forwarded to the auth server as well; that's why we need this header in case it's present. The code reference below is where the body is being added to the auth API request.
@BrandonArp @shreemaan-abhishek Got the following errors in the tests, could you please help?
@suryaprabhakark Sorry for the delayed response. The CI failure was very likely a flaky error; I have re-run the CI.
…ache#11021) author: suryaprabhakark
author: suryaprabhakark sync apache#11021
Description
The forward-auth plugin doesn't work if the request is POST and the auth service API is GET. It's happening due to forwarding the POST method request headers like content-type and expect. Moved these headers so they are sent only if the auth server API is also POST.
Fixes # (issue)
Fixes the issue with forward-auth plugin with POST headers.
#10927
#11020
Checklist
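
The header selection discussed in this PR, as an added example that is not part of the PR or of APISIX's code: a plain-Lua model of why body-related headers copied onto a bodiless GET auth request declare a body that never arrives. `build_auth_headers`, `declared_matches_sent` and the sample request are hypothetical names and constructed input.

```lua
-- Added illustration, not APISIX source. All names here are hypothetical.
-- Headers that describe or frame a request body (the ones named in this thread).
local BODY_HEADERS = {
    ["content-length"] = true, ["transfer-encoding"] = true,
    ["content-encoding"] = true, ["content-type"] = true, ["expect"] = true,
}

-- Copy client headers for the auth sub-request; body-related headers are
-- kept only when the auth request itself is a POST that carries the body.
local function build_auth_headers(auth_method, client_headers)
    local out = {}
    for name, value in pairs(client_headers) do
        local key = string.lower(name)
        if auth_method == "POST" or not BODY_HEADERS[key] then
            out[key] = value
        end
    end
    return out
end

-- True when the declared Content-Length equals the bytes actually sent,
-- i.e. the receiver will not wait for body bytes that never arrive.
local function declared_matches_sent(headers, body)
    local declared = tonumber(headers["content-length"]) or 0
    return declared == #(body or "")
end

-- Constructed client request: a POST with a small JSON body.
local body = '{"user":"alice"}'
local client = {
    ["Authorization"] = "Bearer example-token",
    ["Content-Type"] = "application/json",
    ["Content-Length"] = tostring(#body),
    ["Expect"] = "100-continue",
}

-- Assumed model of the reported failure: headers copied verbatim onto a GET
-- auth request that is sent without a body.
local verbatim = {}
for k, v in pairs(client) do verbatim[string.lower(k)] = v end
print("GET, headers copied verbatim:", declared_matches_sent(verbatim, nil))

local get_headers = build_auth_headers("GET", client)
print("GET, body headers dropped:", declared_matches_sent(get_headers, nil))
print("GET, authorization kept:", get_headers["authorization"] ~= nil)

local post_headers = build_auth_headers("POST", client)
print("POST, body forwarded:", declared_matches_sent(post_headers, body))
```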