Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow opt-in for informational headers #2612

Open
olix0r opened this issue Apr 2, 2019 · 0 comments
Open

Allow opt-in for informational headers #2612

olix0r opened this issue Apr 2, 2019 · 0 comments
Labels
area/inject area/proxy area/security priority/P1 Planned for Release
Projects
2.10 - backlog

Comments

@olix0r
Copy link
Member

olix0r commented Apr 2, 2019

#2597 describes how, when an https ingress is configured, the inbound proxy is skipped in favor of TCP forwarding, so the headers set by the outbound proxy are not properly scrubbed, and ingress routers typically forward them blindly to external clients.

We should allow applications to opt-in to these headers at inject-time, and we should enable this by default for the control plane.
@olix0r olix0r mentioned this issue Apr 2, 2019
Closed
@grampelberg grampelberg added the priority/P1 Planned for Release label Apr 3, 2019
@olix0r olix0r added this to To do in 2.5 - Tap Hardening Apr 3, 2019
@siggy siggy added this to To do in 2.6 - Release via automation Aug 15, 2019
@siggy siggy removed this from To do in 2.5 - Tap Hardening Aug 15, 2019
@grampelberg grampelberg removed this from To do in 2.6 - Release Sep 17, 2019
@grampelberg grampelberg added this to To do in 2.7 - Release via automation Sep 17, 2019
@grampelberg grampelberg mentioned this issue Nov 22, 2019
Closed
@grampelberg grampelberg removed this from To do in 2.7 - Release Dec 2, 2019
@grampelberg grampelberg added this to To do in 2.8 - Release via automation Dec 2, 2019
@grampelberg grampelberg added priority/P0 Release Blocker and removed priority/P1 Planned for Release labels Dec 2, 2019
@grampelberg grampelberg removed this from To do in 2.8 - Release Mar 24, 2020
@grampelberg grampelberg added this to To do in Next Release via automation Mar 24, 2020
@admc admc removed this from To do in Next Release May 4, 2020
@admc admc added this to To do in 2.8 - Release via automation May 4, 2020
@admc admc removed this from To do in 2.8 - Release May 4, 2020
@admc admc added this to To do in 2.9 - backlog via automation May 4, 2020
@ihcsim ihcsim removed the priority/P0 Release Blocker label Jul 13, 2020
@grampelberg grampelberg removed this from To do in 2.9 - backlog Sep 28, 2020
@grampelberg grampelberg added this to To do in 2.10 - backlog via automation Sep 28, 2020
@grampelberg grampelberg added the priority/P1 Planned for Release label Sep 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/inject area/proxy area/security priority/P1 Planned for Release
Projects
No open projects
2.10 - backlog
To do
Milestone
No milestone
Development

No branches or pull requests
3 participants
@grampelberg @olix0r @ihcsim