When using `envoyExtAuthzHttp`, and particularly the option `HeadersToUpstreamOnAllow`, I just realized that at least when using an exact match, that match is case-sensitive. I realize that "exact" may mean case-sensitive; nevertheless, in the context of headers, as RFC 2616 says:
> Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.

I don't know if there's a reason for this. IMO the default should be case-insensitive, maybe exposing the `ignore_case` flag on the Envoy StringMatcher.
If anyone considers this is better filed as a feature, please just leave a comment and I'll do it. From my point of view, this would require at least clearly stating in the docs that this option is case-sensitive.
Thank you
Version
client version: 1.10.3
control plane version: 1.11.2
data plane version: 1.11.2 (20 proxies)
Client Version: v1.21.3
Server Version: v1.19.12-gke.2101
The `authorizer` service was returning the headers in lowercase as `x-roles`, and as a result, the request was not being injected with that header. Once I changed the meshconfig to lowercase to fulfill the exact match, it worked.
I also came across this, and it took quite some time to figure out why things were not working. The docs not mentioning the case-sensitivity did not help.
Given HTTP headers are case-insensitive by the spec, this matching should also be case-insensitive by default.
Yeah, I think we can just make it case-insensitive by default to conform to the spec. @sunbit, will you be able to take this issue? It should be a simple change; let me know if you need any help, thanks.
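The mismatch reported in this issue, as an added example that is not Istio's or Envoy's code: a small Go model of an allow-list of header names applied to an authorizer response, once case-sensitively and once with the proposed `ignore_case` behaviour. It goes beyond the exact-match case by also handling the `prefix*` / `*suffix` pattern syntax, which is assumed here from Istio's documented convention for these fields; the function names and the sample headers are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// matchName models one allow-list pattern: "x-*" is a prefix match,
// "*-id" a suffix match, anything else an exact match (assumed syntax).
// ignoreCase models the fix proposed in the issue (StringMatcher ignore_case).
func matchName(pattern, name string, ignoreCase bool) bool {
	if ignoreCase {
		pattern, name = strings.ToLower(pattern), strings.ToLower(name)
	}
	switch {
	case strings.HasSuffix(pattern, "*"):
		return strings.HasPrefix(name, strings.TrimSuffix(pattern, "*"))
	case strings.HasPrefix(pattern, "*"):
		return strings.HasSuffix(name, strings.TrimPrefix(pattern, "*"))
	default:
		return pattern == name
	}
}

// ForwardedHeaders returns the authorizer response headers that would be
// copied onto the upstream request for the given allow-list.
func ForwardedHeaders(allow []string, authz map[string]string, ignoreCase bool) map[string]string {
	out := map[string]string{}
	for name, value := range authz {
		for _, p := range allow {
			if matchName(p, name, ignoreCase) {
				out[name] = value
				break
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: the config says "X-Roles", the authorizer answers "x-roles".
	allow := []string{"X-Roles"}
	authz := map[string]string{"x-roles": "admin", "x-internal-debug": "1"}
	// Case-sensitive: nothing is forwarded, so the upstream never sees the roles.
	fmt.Println("case-sensitive:  ", ForwardedHeaders(allow, authz, false))
	// Case-insensitive: only the allow-listed header is forwarded.
	fmt.Println("case-insensitive:", ForwardedHeaders(allow, authz, true))
}
```

The case-sensitive run shows why the failure is easy to miss: the request is still allowed, only the header is silently absent upstream.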