Proxy does not handle empty request bodies correctly (except for HEAD and GET?) #447
Comments
|
The bug here is a combination of a few things:
In the long term, hyper is going to change it's body type to a trait with more methods that it can ask about if the body is empty. In the short term, I think a small addition in hyper to expose that server bodies are empty, and then a modification in the proxy to check that, can allow optionally setting the body in hyper client requests. |
seanmonstar
added a commit
that referenced
this issue
Feb 26, 2018
Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
seanmonstar
added a commit
that referenced
this issue
Feb 28, 2018
Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
seanmonstar
added a commit
that referenced
this issue
Mar 1, 2018
Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
seanmonstar
added a commit
that referenced
this issue
Mar 2, 2018
Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
seanmonstar
added a commit
that referenced
this issue
Mar 5, 2018
As a goal of being a transparent proxy, we want to proxy requests and responses with as little modification as possible. Basically, servers and clients should see messages that look the same whether the proxy was injected or not. With that goal in mind, we want to make sure that body headers (things like `Content-Length`, `Transfer-Encoding`, etc) are left alone. Prior to this commit, we at times were changing behavior. Sometimes `Transfer-Encoding` was added to requests, or `Content-Length: 0` may have been removed. While RC 7230 defines that differences are semantically the same, implementations may not handle them correctly. Now, we've added some fixes to prevent any of these header changes from occurring, along with tests to make sure library updates don't regress. For requests: - With no message body, `Transfer-Encoding: chunked` should no longer be added. - With `Content-Length: 0`, the header is forwarded untouched. For responses: - Tests were added that responses not allowed to have bodies (to HEAD requests, 204, 304) did not have `Transfer-Encoding` added. - Tests that `Content-Length: 0` is preserved. - Tests that HTTP/1.0 responses with no body headers do not have `Transfer-Encoding` added. - Tests that `HEAD` responses forward `Content-Length` headers (but not an actual body). Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
seanmonstar
added a commit
that referenced
this issue
Mar 6, 2018
As a goal of being a transparent proxy, we want to proxy requests and responses with as little modification as possible. Basically, servers and clients should see messages that look the same whether the proxy was injected or not. With that goal in mind, we want to make sure that body headers (things like `Content-Length`, `Transfer-Encoding`, etc) are left alone. Prior to this commit, we at times were changing behavior. Sometimes `Transfer-Encoding` was added to requests, or `Content-Length: 0` may have been removed. While RC 7230 defines that differences are semantically the same, implementations may not handle them correctly. Now, we've added some fixes to prevent any of these header changes from occurring, along with tests to make sure library updates don't regress. For requests: - With no message body, `Transfer-Encoding: chunked` should no longer be added. - With `Content-Length: 0`, the header is forwarded untouched. For responses: - Tests were added that responses not allowed to have bodies (to HEAD requests, 204, 304) did not have `Transfer-Encoding` added. - Tests that `Content-Length: 0` is preserved. - Tests that HTTP/1.0 responses with no body headers do not have `Transfer-Encoding` added. - Tests that `HEAD` responses forward `Content-Length` headers (but not an actual body). Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
seanmonstar
added a commit
that referenced
this issue
Mar 6, 2018
As a goal of being a transparent proxy, we want to proxy requests and responses with as little modification as possible. Basically, servers and clients should see messages that look the same whether the proxy was injected or not. With that goal in mind, we want to make sure that body headers (things like `Content-Length`, `Transfer-Encoding`, etc) are left alone. Prior to this commit, we at times were changing behavior. Sometimes `Transfer-Encoding` was added to requests, or `Content-Length: 0` may have been removed. While RC 7230 defines that differences are semantically the same, implementations may not handle them correctly. Now, we've added some fixes to prevent any of these header changes from occurring, along with tests to make sure library updates don't regress. For requests: - With no message body, `Transfer-Encoding: chunked` should no longer be added. - With `Content-Length: 0`, the header is forwarded untouched. For responses: - Tests were added that responses not allowed to have bodies (to HEAD requests, 204, 304) did not have `Transfer-Encoding` added. - Tests that `Content-Length: 0` is preserved. - Tests that HTTP/1.0 responses with no body headers do not have `Transfer-Encoding` added. - Tests that `HEAD` responses forward `Content-Length` headers (but not an actual body). Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
hawkw
pushed a commit
that referenced
this issue
Mar 6, 2018
Closes #447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
khappucino
pushed a commit
to Nordstrom/linkerd2
that referenced
this issue
Mar 5, 2019
As a goal of being a transparent proxy, we want to proxy requests and responses with as little modification as possible. Basically, servers and clients should see messages that look the same whether the proxy was injected or not. With that goal in mind, we want to make sure that body headers (things like `Content-Length`, `Transfer-Encoding`, etc) are left alone. Prior to this commit, we at times were changing behavior. Sometimes `Transfer-Encoding` was added to requests, or `Content-Length: 0` may have been removed. While RC 7230 defines that differences are semantically the same, implementations may not handle them correctly. Now, we've added some fixes to prevent any of these header changes from occurring, along with tests to make sure library updates don't regress. For requests: - With no message body, `Transfer-Encoding: chunked` should no longer be added. - With `Content-Length: 0`, the header is forwarded untouched. For responses: - Tests were added that responses not allowed to have bodies (to HEAD requests, 204, 304) did not have `Transfer-Encoding` added. - Tests that `Content-Length: 0` is preserved. - Tests that HTTP/1.0 responses with no body headers do not have `Transfer-Encoding` added. - Tests that `HEAD` responses forward `Content-Length` headers (but not an actual body). Closes linkerd#447 Signed-off-by: Sean McArthur <sean@seanmonstar.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
This is a follow-up to #402 to track the real solution to the problem that the proxy doesn't handle requests without a body correctly. The PR for #402 only partially resolves the issue. Really we should fix the real issue. I very vaguely understand that to require some changes to the Hyper API or some other more drastic solution.
In particular, DELETE will almost never have a request body, so many REST APis would be affected by this.
/cc @olix0r @seanmonstar
The text was updated successfully, but these errors were encountered: