http: add support for skipping any port from host header #14491
Conversation
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
ramaraochavali
requested review from
alyssawilk and
mattklein123
as code owners
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
| // Without setting this option, incoming requests with host `example:443` will not match against | ||
| // route with :ref:`domains<envoy_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part | ||
| // of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience. | ||
| bool strip_any_host_port = 42; |
There was a problem hiding this comment.
Does it make sense to make it oneof with the above field? Was wondering about it but did not because it needs to go through oneof_promotion dance - Not sure if it is worth it here.
There was a problem hiding this comment.
Yeah I think it should be a oneof, but can you use the next major version oneof upgrade? I agree it's not worth doing the deprecation dance for this but marking it as such seems worth while.
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
| // Without setting this option, incoming requests with host `example:443` will not match against | ||
| // route with :ref:`domains<envoy_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part | ||
| // of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience. | ||
| bool strip_any_host_port = 42; |
There was a problem hiding this comment.
Yeah I think it should be a oneof, but can you use the next major version oneof upgrade? I agree it's not worth doing the deprecation dance for this but marking it as such seems worth while.
| @@ -439,10 +439,15 @@ class ConnectionManagerConfig { | |||
| virtual bool shouldMergeSlashes() const PURE; | |||
|
|
|||
| /** | |||
| * @return if the HttpConnectionManager should remove the port from host/authority header | |||
| * @return if the HttpConnectionManager should remove the matching port from host/authority header | |||
| */ | |||
| virtual bool shouldStripMatchingPort() const PURE; | |||
There was a problem hiding this comment.
Even though we can't do it at the API level right now, perhaps make this a single function that returns an enum of the strip type? That would eventually work with a oneof and I think always strip is a superset anyway so it should be fine?
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
|
@mattklein123 Made changes. PTAL |
| // Determines if the port part should be removed from host/authority header before any processing | ||
| // of request by HTTP filters or routing. The port would be removed only if request method is not CONNECT. | ||
| // This affects the upstream host header as well. | ||
| // Without setting this option, incoming requests with host `example:443` will not match against | ||
| // route with :ref:`domains<envoy_api_field_config.route.v3.VirtualHost.domains>` match set to `example`. Defaults to `false`. Note that port removal is not part | ||
| // of `HTTP spec <https://tools.ietf.org/html/rfc3986>`_ and is provided for convenience. | ||
| // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set. |
There was a problem hiding this comment.
doc nit: this comment should be inside the oneof and above the field to render correctly I think.
| /** | ||
| * Type that indicates how port should be stripped from Host header. | ||
| */ | ||
| enum class StripPortType { MatchingHost, Any, None }; |
There was a problem hiding this comment.
Can you add a brief comment on what each of these does?
| @@ -427,7 +428,9 @@ bool ConnectionManagerUtility::maybeNormalizePath(RequestHeaderMap& request_head | |||
| void ConnectionManagerUtility::maybeNormalizeHost(RequestHeaderMap& request_headers, | |||
| const ConnectionManagerConfig& config, | |||
| uint32_t port) { | |||
| if (config.shouldStripMatchingPort()) { | |||
| if (config.stripPortType() == Http::StripPortType::Any) { | |||
| HeaderUtility::stripPortFromHost(request_headers, 0); | |||
There was a problem hiding this comment.
Instead of passing 0 as a sentinel, can you use absl::optional to make this more clear?
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
|
@mattklein123 addressed the comments. PTAL |
source/common/http/header_utility.h
Outdated
| * @brief Remove the port part from host/authority header if it is equal to provided port or | ||
| * provided port is 0. |
There was a problem hiding this comment.
Sorry. Missed it. Fixed now.
| if (config.strip_any_host_port()) { | ||
| strip_port_type_ = Http::StripPortType::Any; | ||
| } else if (config.strip_matching_host_port()) { |
There was a problem hiding this comment.
Given that defaults are false, can we check if both are true and throw an error? I think this is safe to do and will approximate the future oneof?
There was a problem hiding this comment.
Yes. We can do that. Changed and added a test. PTAL
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Commit Message: add support for skipping any port from host header
Additional Description: Adds a new config to HCM to skip any port in the host header similar to strip_matching_host_port.
Risk Level: Low
Testing: Added
Docs Changes: Updated
Release Notes: Added
Fixes #12647