envoyproxy · alyssawilk · Jan 20, 2021 · Jan 14, 2021 · Jan 19, 2021 · Jan 19, 2021
diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst
@@ -33,6 +33,7 @@ Removed Config or Runtime
 * access_logs: removed legacy unbounded access logs and runtime guard `envoy.reloadable_features.disallow_unbounded_access_logs`.
 * dynamic_forward_proxy: removed `envoy.reloadable_features.enable_dns_cache_circuit_breakers` and legacy code path.
 * http: removed legacy HTTP/1.1 error reporting path and runtime guard `envoy.reloadable_features.early_errors_via_hcm`.
+* http: removed legacy sanitization path for upgrade response headers and runtime guard `envoy.reloadable_features.fix_upgrade_response`.
 
 New Features
 ------------

diff --git a/source/common/http/conn_manager_utility.cc b/source/common/http/conn_manager_utility.cc
@@ -390,9 +390,7 @@ void ConnectionManagerUtility::mutateResponseHeaders(ResponseHeaderMap& response
     }
   } else {
     response_headers.removeConnection();
-    if (Runtime::runtimeFeatureEnabled("envoy.reloadable_features.fix_upgrade_response")) {
-      response_headers.removeUpgrade();
-    }
+    response_headers.removeUpgrade();
   }
 
   response_headers.removeTransferEncoding();

diff --git a/source/common/runtime/runtime_features.cc b/source/common/runtime/runtime_features.cc
@@ -65,7 +65,6 @@ constexpr const char* runtime_features[] = {
     "envoy.reloadable_features.consume_all_retry_headers",
     "envoy.reloadable_features.check_ocsp_policy",
     "envoy.reloadable_features.disable_tls_inspector_injection",
-    "envoy.reloadable_features.fix_upgrade_response",
     "envoy.reloadable_features.fix_wildcard_matching",
     "envoy.reloadable_features.fixed_connection_close",
     "envoy.reloadable_features.hcm_stream_error_on_invalid_message",

diff --git a/test/common/http/conn_manager_utility_test.cc b/test/common/http/conn_manager_utility_test.cc
@@ -801,42 +801,6 @@ TEST_F(ConnectionManagerUtilityTest, ClearUpgradeHeadersForNonUpgradeRequests) {
   }
 }
 
-TEST_F(ConnectionManagerUtilityTest, ClearUpgradeHeadersForNonUpgradeRequestsLegacy) {
-  TestScopedRuntime scoped_runtime;
-  Runtime::LoaderSingleton::getExisting()->mergeValues(
-      {{"envoy.reloadable_features.fix_upgrade_response", "false"}});
-
-  // Test with the request headers not valid upgrade headers
-  {
-    TestRequestHeaderMapImpl request_headers{{"upgrade", "foo"}};
-    TestResponseHeaderMapImpl response_headers{{"connection", "upgrade"},
-                                               {"transfer-encoding", "eep"},
-                                               {"upgrade", "foo"},
-                                               {"custom_header", "custom_value"}};
-    EXPECT_FALSE(Utility::isUpgrade(request_headers));
-    EXPECT_TRUE(Utility::isUpgrade(response_headers));
-    ConnectionManagerUtility::mutateResponseHeaders(response_headers, &request_headers, config_,
-                                                    "");
-
-    EXPECT_EQ(2UL, response_headers.size()) << response_headers;
-    EXPECT_EQ("custom_value", response_headers.get_("custom_header"));
-    EXPECT_EQ("foo", response_headers.get_("upgrade"));
-  }
-
-  // Test with the response headers not valid upgrade headers
-  {
-    TestRequestHeaderMapImpl request_headers{{"connection", "UpGrAdE"}, {"upgrade", "foo"}};
-    TestResponseHeaderMapImpl response_headers{{"transfer-encoding", "foo"}, {"upgrade", "bar"}};
-    EXPECT_TRUE(Utility::isUpgrade(request_headers));
-    EXPECT_FALSE(Utility::isUpgrade(response_headers));
-    ConnectionManagerUtility::mutateResponseHeaders(response_headers, &request_headers, config_,
-                                                    "");
-
-    EXPECT_EQ(1UL, response_headers.size()) << response_headers;
-    EXPECT_EQ("bar", response_headers.get_("upgrade"));
-  }
-}
-
 // Test that we correctly return x-request-id if we were requested to force a trace.
 TEST_F(ConnectionManagerUtilityTest, MutateResponseHeadersReturnXRequestId) {
   TestResponseHeaderMapImpl response_headers;