New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http: add support for skipping any port from host header #14491
http: add support for skipping any port from host header #14491
Conversation
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
// Without setting this option, incoming requests with host `example:443` will not match against | ||
// route with :ref:`domains<envoy_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part | ||
// of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience. | ||
bool strip_any_host_port = 42; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it make sense to make it oneof with the above field? Was wondering about it but did not because it needs to go through oneof_promotion dance - Not sure if it is worth it here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I think it should be a oneof, but can you use the next major version oneof upgrade? I agree it's not worth doing the deprecation dance for this but marking it as such seems worth while.
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At a high level LGTM. Just a few small comments. Thank you!
/wait
// Without setting this option, incoming requests with host `example:443` will not match against | ||
// route with :ref:`domains<envoy_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part | ||
// of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience. | ||
bool strip_any_host_port = 42; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I think it should be a oneof, but can you use the next major version oneof upgrade? I agree it's not worth doing the deprecation dance for this but marking it as such seems worth while.
@@ -439,10 +439,15 @@ class ConnectionManagerConfig { | |||
virtual bool shouldMergeSlashes() const PURE; | |||
|
|||
/** | |||
* @return if the HttpConnectionManager should remove the port from host/authority header | |||
* @return if the HttpConnectionManager should remove the matching port from host/authority header | |||
*/ | |||
virtual bool shouldStripMatchingPort() const PURE; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even though we can't do it at the API level right now, perhaps make this a single function that returns an enum of the strip type? That would eventually work with a oneof and I think always strip is a superset anyway so it should be fine?
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
@mattklein123 Made changes. PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks LGTM with small comments.
/wait
// Determines if the port part should be removed from host/authority header before any processing | ||
// of request by HTTP filters or routing. The port would be removed only if request method is not CONNECT. | ||
// This affects the upstream host header as well. | ||
// Without setting this option, incoming requests with host `example:443` will not match against | ||
// route with :ref:`domains<envoy_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part | ||
// of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience. | ||
// Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
doc nit: this comment should be inside the oneof and above the field to render correctly I think.
/** | ||
* Type that indicates how port should be stripped from Host header. | ||
*/ | ||
enum class StripPortType { MatchingHost, Any, None }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a brief comment on what each of these does?
@@ -427,7 +428,9 @@ bool ConnectionManagerUtility::maybeNormalizePath(RequestHeaderMap& request_head | |||
void ConnectionManagerUtility::maybeNormalizeHost(RequestHeaderMap& request_headers, | |||
const ConnectionManagerConfig& config, | |||
uint32_t port) { | |||
if (config.shouldStripMatchingPort()) { | |||
if (config.stripPortType() == Http::StripPortType::Any) { | |||
HeaderUtility::stripPortFromHost(request_headers, 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of passing 0 as a sentinel, can you use absl::optional to make this more clear?
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
@mattklein123 addressed the comments. PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks LGTM with 2 small comments.
/wait
source/common/http/header_utility.h
Outdated
* @brief Remove the port part from host/authority header if it is equal to provided port or | ||
* provided port is 0. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
needs updating
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry. Missed it. Fixed now.
if (config.strip_any_host_port()) { | ||
strip_port_type_ = Http::StripPortType::Any; | ||
} else if (config.strip_matching_host_port()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Given that defaults are false, can we check if both are true and throw an error? I think this is safe to do and will approximate the future oneof?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. We can do that. Changed and added a test. PTAL
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Commit Message: add support for skipping any port from host header
Additional Description: Adds a new config to HCM to skip any port in the host header similar to strip_matching_host_port.
Risk Level: Low
Testing: Added
Docs Changes: Updated
Release Notes: Added
Fixes #12647