feat(config) change Kong headers configuration

Instead of introducing a config option for each and every header or set of headers, an array of these values can be now specified using the `headers` config option. Only headers or tokens specified in the headers will be set by Kong when applicable. The goal here is to move towards a simpler and easier to understand configuration, similar to 1b9976f (#3147).
Kong · Apr 13, 2018 · 37713c6 · 37713c6
1 parent 7285ff9
commit 37713c6
Show file tree

Hide file tree

Showing 9 changed files with 289 additions and 31 deletions.
diff --git a/kong.conf.default b/kong.conf.default
@@ -190,15 +190,27 @@
                                  # process. When this number is exceeded, the
                                  # least recently used connections are closed.
 
-#server_tokens = on              # Enables or disables emitting Kong version on
-                                 # error pages and in the "Server" or "Via"
-                                 # (in case the request was proxied) response
-                                 # header field.
-
-#latency_tokens = on             # Enables or disables emitting Kong latency
-                                 # information in the "X-Kong-Proxy-Latency"
-                                 # and "X-Kong-Upstream-Latency" response
-                                 # header fields.
+#headers = server_tokens, latency_tokens
+                                 # Specify Kong specific headers that should
+                                 # be sent with proxy requests.
+                                 # Only headers or tokens specified here will
+                                 # be set by Kong when applicable.
+                                 # Acceptable values are:
+                                 # server_tokens: add 'Via' and 'Server' headers
+                                 # latency_tokens: add 'X-Kong-Proxy-Latency'
+                                 # and 'X-Kong-Upstream-Latency'
+
+                                 # 'X-Kong-<header-name>': Kong will inject
+                                 # this header when applicable.
+                                 #eg:
+                                 #headers = server_tokens, X-Kong-Proxy-Latency
+                                 #Kong will set 'Server', 'Via' and
+                                 #'X-Kong-Proxy-Latency' headers when applicable
+
+                                 # This value can be set to `off`, thus disabling
+                                 # all headers that Kong wil inject.
+                                 # Note that this does not mean that plugins
+                                 # will not inject any headers.
 
 #trusted_ips =                   # Defines trusted IP addresses blocks that are
                                  # known to send correct X-Forwarded-* headers.

diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua
@@ -17,6 +17,16 @@ local DEFAULT_PATHS = {
   "/etc/kong.conf"
 }
 
+local headers = constants.HEADERS
+local header_tokens = {
+  [headers.PROXY_LATENCY] = false,
+  [headers.UPSTREAM_LATENCY] = false,
+  [headers.SERVER] = false,
+  [headers.VIA] = false,
+  server_tokens = false,
+  latency_tokens = false,
+}
+
 local PREFIX_PATHS = {
   nginx_pid = {"pids", "nginx.pid"},
   nginx_err_logs = {"logs", "error.log"},
@@ -61,8 +71,7 @@ local CONF_INFERENCES = {
   nginx_user = {typ = "string"},
   nginx_worker_processes = {typ = "string"},
   upstream_keepalive = {typ = "number"},
-  server_tokens = {typ = "boolean"},
-  latency_tokens = {typ = "boolean"},
+  headers = {typ = "array"},
   trusted_ips = {typ = "array"},
   real_ip_header = {typ = "string"},
   real_ip_recursive = {typ = "ngx_boolean"},
@@ -278,6 +287,18 @@ local function check_and_infer(conf)
     end
   end
 
+  if conf.headers then
+    for _, token in ipairs(conf.headers) do
+      if token == "off" then
+          break
+      end
+
+      if header_tokens[token] == nil then
+        errors[#errors+1] = "headers: invalid entry '" .. tostring(token) .. "'"
+      end
+    end
+  end
+
   if conf.dns_resolver then
     for _, server in ipairs(conf.dns_resolver) do
       local dns = utils.normalize_ip(server)
@@ -587,6 +608,27 @@ local function load(path, custom_conf)
     end
   end
 
+  local header_tokens_clone = tablex.deepcopy(header_tokens)
+  -- load headers configuration
+  for _, token in ipairs(conf.headers) do
+    if token == "off" then
+        break
+    else
+      header_tokens_clone[token] = true
+    end
+  end
+
+  if header_tokens_clone.server_tokens then
+    header_tokens_clone[headers.SERVER] = true
+    header_tokens_clone[headers.VIA] = true
+  end
+
+  if header_tokens_clone.latency_tokens then
+    header_tokens_clone[headers.PROXY_LATENCY] = true
+    header_tokens_clone[headers.UPSTREAM_LATENCY] = true
+  end
+  conf.headers = header_tokens_clone
+
   -- load absolute paths
   conf.prefix = pl_path.abspath(conf.prefix)
 

diff --git a/kong/constants.lua b/kong/constants.lua
@@ -59,7 +59,9 @@ return {
     CONSUMER_GROUPS = "X-Consumer-Groups",
     FORWARDED_HOST = "X-Forwarded-Host",
     FORWARDED_PREFIX = "X-Forwarded-Prefix",
-    ANONYMOUS = "X-Anonymous-Consumer"
+    ANONYMOUS = "X-Anonymous-Consumer",
+    VIA = "Via",
+    SERVER = "Server"
   },
   RATELIMIT = {
     PERIODS = {

diff --git a/kong/core/error_handlers.lua b/kong/core/error_handlers.lua
@@ -1,4 +1,5 @@
 local singletons = require "kong.singletons"
+local constants   = require "kong.constants"
 
 local find = string.find
 local format = string.format
@@ -56,7 +57,7 @@ return function(ngx)
   local status = ngx.status
   message = BODIES["s" .. status] and BODIES["s" .. status] or format(BODIES.default, status)
 
-  if singletons.configuration.server_tokens then
+  if singletons.configuration.headers[constants.HEADERS.SERVER] then
     ngx.header["Server"] = SERVER_HEADER
   end
 

diff --git a/kong/core/handler.lua b/kong/core/handler.lua
@@ -696,17 +696,20 @@ return {
       local header = ngx.header
 
       if ctx.KONG_PROXIED then
-        if singletons.configuration.latency_tokens then
+        if singletons.configuration.headers[constants.HEADERS.UPSTREAM_LATENCY] then
           header[constants.HEADERS.UPSTREAM_LATENCY] = ctx.KONG_WAITING_TIME
-          header[constants.HEADERS.PROXY_LATENCY]    = ctx.KONG_PROXY_LATENCY
         end
 
-        if singletons.configuration.server_tokens then
+        if singletons.configuration.headers[constants.HEADERS.PROXY_LATENCY] then
+          header[constants.HEADERS.PROXY_LATENCY] = ctx.KONG_PROXY_LATENCY
+        end
+
+        if singletons.configuration.headers[constants.HEADERS.VIA] then
           header["Via"] = server_header
         end
 
       else
-        if singletons.configuration.server_tokens then
+        if singletons.configuration.headers[constants.HEADERS.SERVER] then
           header["Server"] = server_header
 
         else

diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua
@@ -25,8 +25,7 @@ ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC
 admin_ssl_cert = NONE
 admin_ssl_cert_key = NONE
 upstream_keepalive = 60
-server_tokens = on
-latency_tokens = on
+headers = server_tokens, latency_tokens
 trusted_ips = NONE
 real_ip_header = X-Real-IP
 real_ip_recursive = off

diff --git a/spec-old-api/02-integration/05-proxy/12-server_tokens_spec.lua b/spec-old-api/02-integration/05-proxy/12-server_tokens_spec.lua
@@ -80,7 +80,7 @@ describe("Server Tokens", function()
 
     setup(start {
       nginx_conf    = "spec/fixtures/custom_nginx.template",
-      server_tokens = "on",
+      headers = "server_tokens",
     })
 
     teardown(helpers.stop_kong)
@@ -119,7 +119,7 @@ describe("Server Tokens", function()
 
     setup(start {
       nginx_conf    = "spec/fixtures/custom_nginx.template",
-      server_tokens = "off",
+      headers = "off",
     })
 
     teardown(helpers.stop_kong)
@@ -212,7 +212,7 @@ describe("Latency Tokens", function()
 
     setup(start {
       nginx_conf = "spec/fixtures/custom_nginx.template",
-      latency_tokens = "on",
+      headers = "latency_tokens",
     })
 
     teardown(helpers.stop_kong)
@@ -251,7 +251,7 @@ describe("Latency Tokens", function()
 
     setup(start {
       nginx_conf     = "spec/fixtures/custom_nginx.template",
-      latency_tokens = "off",
+      headers = "off",
     })
 
     teardown(function()

diff --git a/spec/01-unit/002-conf_loader_spec.lua b/spec/01-unit/002-conf_loader_spec.lua
@@ -342,6 +342,13 @@ describe("Configuration loader", function()
       assert.is_nil(conf)
       assert.equal([[dns_order: invalid entry 'CXAME']], err)
     end)
+    it("errors on bad entries in headers", function()
+      local conf, err = conf_loader(nil, {
+        headers = "server_tokens,Foo-Bar",
+      })
+      assert.is_nil(conf)
+      assert.equal([[headers: invalid entry 'Foo-Bar']], err)
+    end)
     it("errors when hosts have a bad format in cassandra_contact_points", function()
       local conf, err = conf_loader(nil, {
           database                 = "cassandra",