Kong sends HTML error response when sending multiple Authorization headers #2085

Closed
wshirey opened this issue Feb 13, 2017 · 2 comments
Labels
task/feature Requests for new features in Kong


wshirey commented Feb 13, 2017

Summary

Kong sends an OpenResty HTML response instead of the standard Kong JSON response when multiple Authorization headers are sent.

<html>
    <head>
        <title>400 Bad Request</title>
    </head>
    <body bgcolor="white">
        <center>
            <h1>400 Bad Request</h1>
        </center>
        <hr>
        <center>openresty/1.11.2.2</center>
    </body>
</html>

The expected result should be in the standard error message format, like

{
  "message": "Unauthorized"
}

Steps To Reproduce

  1. Send a request to Kong with multiple Authorization headers
curl -X GET "http://kong:8000/endpoint" \
  -H "Authorization: foo" \
  -H "Authorization: bar"

Additional Details & Logs

  • Kong version: 0.10.rc3
  • Kong debug-level startup logs
kong start --vv
2017/02/13 16:46:41 [verbose] Kong: 0.10.0rc3
2017/02/13 16:46:41 [debug] ngx_lua: 10007
2017/02/13 16:46:41 [debug] nginx: 1011002
2017/02/13 16:46:41 [debug] Lua: LuaJIT 2.1.0-beta2
2017/02/13 16:46:41 [debug] PRNG seed: 181103205681
2017/02/13 16:46:41 [verbose] reading config file at /etc/kong/kong.conf
2017/02/13 16:46:41 [debug] admin_listen = "0.0.0.0:8001"
2017/02/13 16:46:41 [debug] admin_listen_ssl = "0.0.0.0:8444"
2017/02/13 16:46:41 [debug] admin_ssl = true
2017/02/13 16:46:41 [debug] anonymous_reports = true
2017/02/13 16:46:41 [debug] cassandra_consistency = "ONE"
2017/02/13 16:46:41 [debug] cassandra_contact_points = {"127.0.0.1"}
2017/02/13 16:46:41 [debug] cassandra_data_centers = {"dc1:2","dc2:3"}
2017/02/13 16:46:41 [debug] cassandra_keyspace = "kong"
2017/02/13 16:46:41 [debug] cassandra_lb_policy = "RoundRobin"
2017/02/13 16:46:41 [debug] cassandra_port = 9042
2017/02/13 16:46:41 [debug] cassandra_repl_factor = 1
2017/02/13 16:46:41 [debug] cassandra_repl_strategy = "SimpleStrategy"
2017/02/13 16:46:41 [debug] cassandra_ssl = false
2017/02/13 16:46:41 [debug] cassandra_ssl_verify = false
2017/02/13 16:46:41 [debug] cassandra_timeout = 5000
2017/02/13 16:46:41 [debug] cassandra_username = "kong"
2017/02/13 16:46:41 [debug] cluster_listen = "0.0.0.0:7946"
2017/02/13 16:46:41 [debug] cluster_listen_rpc = "127.0.0.1:7373"
2017/02/13 16:46:41 [debug] cluster_profile = "wan"
2017/02/13 16:46:41 [debug] cluster_ttl_on_failure = 3600
2017/02/13 16:46:41 [debug] custom_plugins = {"jwt-claims-validate"}
2017/02/13 16:46:41 [debug] database = "postgres"
2017/02/13 16:46:41 [debug] dns_hostsfile = "/etc/hosts"
2017/02/13 16:46:41 [debug] dns_resolver = {}
2017/02/13 16:46:41 [debug] log_level = "notice"
2017/02/13 16:46:41 [debug] lua_code_cache = "on"
2017/02/13 16:46:41 [debug] lua_package_cpath = ""
2017/02/13 16:46:41 [debug] lua_package_path = "?/init.lua;./kong/?.lua"
2017/02/13 16:46:41 [debug] lua_ssl_verify_depth = 1
2017/02/13 16:46:41 [debug] mem_cache_size = "128m"
2017/02/13 16:46:41 [debug] nginx_daemon = "on"
2017/02/13 16:46:41 [debug] nginx_optimizations = true
2017/02/13 16:46:41 [debug] nginx_worker_processes = "auto"
2017/02/13 16:46:41 [debug] pg_database = "kong"
2017/02/13 16:46:41 [debug] pg_host = "127.0.0.1"
2017/02/13 16:46:41 [debug] pg_port = 5432
2017/02/13 16:46:41 [debug] pg_ssl = false
2017/02/13 16:46:41 [debug] pg_ssl_verify = false
2017/02/13 16:46:41 [debug] pg_user = "kong"
2017/02/13 16:46:41 [debug] prefix = "/usr/local/kong/"
2017/02/13 16:46:41 [debug] proxy_listen = "0.0.0.0:8000"
2017/02/13 16:46:41 [debug] proxy_listen_ssl = "0.0.0.0:8443"
2017/02/13 16:46:41 [debug] serf_path = "serf"
2017/02/13 16:46:41 [debug] ssl = true
2017/02/13 16:46:41 [debug] upstream_keepalive = 60
2017/02/13 16:46:41 [verbose] prefix in use: /usr/local/kong
2017/02/13 16:46:41 [debug] sending signal to pid at: /usr/local/kong/pids/nginx.pid
2017/02/13 16:46:41 [debug] kill -0 `cat /usr/local/kong/pids/nginx.pid` >/dev/null 2>&1
  • Operating System : CentOS Linux release 7.3.1611 (Core)
@thibaultcha
Member

I believe this would be because there is no error page set for HTTP 400 errors (see the default Nginx template). We'd have to investigate if there would be any side-effects (none that I can think of right now).

@Tieske Tieske added the task/needs-investigation Requires investigation and reproduction before classifying it as a bug or not. label Mar 2, 2017
@thibaultcha thibaultcha added task/feature Requests for new features in Kong and removed task/needs-investigation Requires investigation and reproduction before classifying it as a bug or not. labels Apr 28, 2017
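
The cause suggested in the comment above, as an added nginx configuration example (not Kong's own template and not the change made in the project): when no `error_page` covers 400, a request that nginx itself rejects is answered with the built-in HTML page, which also shows the server version. The `/json_400` location name and the message text are assumptions made for illustration.

```nginx
# Added example; not taken from Kong's Nginx template.
server {
    listen 8000;

    # Before: no error_page entry for 400. A request nginx rejects on its own
    # (such as the duplicate Authorization header in this report) never reaches
    # the Lua handlers, so the client gets nginx's built-in HTML error page,
    # including the "openresty/<version>" footer.

    # After: send 400 through an internal location that answers in JSON.
    server_tokens off;            # omit the version from the Server header
                                  # and from any remaining built-in pages
    error_page 400 /json_400;     # hypothetical location name

    location = /json_400 {
        internal;                 # not reachable directly by clients
        default_type application/json;
        # Constructed message text; use the gateway's real error format here.
        return 400 '{"message":"Bad request"}';
    }
}
```

Repeating the curl command from the report against such a configuration is a quick check that the body is JSON and that no version string appears in the response.
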
@p0pr0ck5
Contributor

p0pr0ck5 commented May 2, 2017

This is being done in #2476.

@p0pr0ck5 p0pr0ck5 closed this as completed May 2, 2017