Ability to disable Envoy adding server headers to responses #4906
Conversation
vishal-chdhry
requested review from
stevesloka and
sunjayBhatia
and removed request for
a team
|
The Contour project currently lacks enough contributors to adequately respond to all PRs. This bot triages PRs according to the following rules:
You can:
Please send feedback to the #contour channel in the Kubernetes Slack |
github-actions
bot
added
the
lifecycle/stale
skriss
removed
the
lifecycle/stale
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
vishal-chdhry
changed the title
There was a problem hiding this comment.
- Also need to add the new field to https://github.com/projectcontour/contour/blob/main/site/content/docs/main/configuration.md for the config file
- We'll need to add some unit testing as well, can add pointers in the next round of review
internal/xdscache/v3/listener.go
Outdated
| @@ -125,6 +125,9 @@ type ListenerConfig struct { | |||
| // MergeSlashes toggles Envoy's non-standard merge_slashes path transformation option for all listeners. | |||
| MergeSlashes bool | |||
|
|
|||
| // ServerHeaderTransformation signifies we will not modify the Server header. | |||
There was a problem hiding this comment.
Update godoc to reflect enum nature
There was a problem hiding this comment.
| // ServerHeaderTransformation signifies we will not modify the Server header. | |
| // ServerHeaderTransformation defines the action to be applied to the Server header on the response path. |
|
@vishal-chdhry just wanted to let you know that we are planning to cut a release candidate for 1.24 ~next Monday, so if possible it'd be great to get this updated by then. |
sure, i will be on it right away |
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
|
@skriss how should I add the unit tests? |
|
Unit tests to add:
|
skriss
added
the
release-note/small
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
@skriss done |
There was a problem hiding this comment.
@vishal-chdhry one more round of minor feedback and then I think this is about ready to merge.
internal/xdscache/v3/listener.go
Outdated
| @@ -125,6 +125,9 @@ type ListenerConfig struct { | |||
| // MergeSlashes toggles Envoy's non-standard merge_slashes path transformation option for all listeners. | |||
| MergeSlashes bool | |||
|
|
|||
| // ServerHeaderTransformation signifies we will not modify the Server header. | |||
There was a problem hiding this comment.
| // ServerHeaderTransformation signifies we will not modify the Server header. | |
| // ServerHeaderTransformation defines the action to be applied to the Server header on the response path. |
| // When configured as APPEND_IF_ABSENT, If no Server header is present, append Server server_name If a Server header is present, pass it through. | ||
| // When configured as PASS_THROUGH, Pass through the value of the server header, and do not append a header if none is present. | ||
| // | ||
| // Values: `OVERWRITE` (default), `APPEND_IF_ABSENT`, `PASS_THROUGH` |
There was a problem hiding this comment.
@sunjayBhatia WDYT about casing here of the values here? For DNS lookup family we lowercased, but I don't see existing multi-word options. I guess we could switch these to lowercase, but honestly not sure if there's any point in doing so.
There was a problem hiding this comment.
actually it's an integer in envoy
There was a problem hiding this comment.
hm yeah as you say many if not all the other relevant consts in this package and pkg/config we define are lowercase, so for consistency we could switch to that, since we're not really going to pass the value straight through to Envoy it doesn't really matter
skriss
added
release-note/minor
|
Looks like you need to re-run |
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
… disable-envoy-adding-server
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
There was a problem hiding this comment.
LGTM other than the enum value casing change, which we can change in a follow-up PR so we can get this in. Thanks for the work on this @vishal-chdhry!
|
Just noticed that there are some unit test failures that need to be addressed. |
Signed-off-by: Steve Kriss <krisss@vmware.com>
|
I pushed fixes so we can get this in for the RC. |
Signed-off-by: Steve Kriss <krisss@vmware.com>
Codecov Report
Additional details and impacted files@@ Coverage Diff @@
## main #4906 +/- ##
==========================================
+ Coverage 77.55% 77.60% +0.05%
==========================================
Files 138 138
Lines 16789 16837 +48
==========================================
+ Hits 13021 13067 +46
- Misses 3513 3516 +3
+ Partials 255 254 -1
|
|
Pushed the lowercasing changes here too. |
| @@ -336,6 +336,18 @@ type EnvoyListenerConfig struct { | |||
| // +optional | |||
| DisableMergeSlashes *bool `json:"disableMergeSlashes,omitempty"` | |||
|
|
|||
| // Defines the action to be applied to the Server header on the response path | |||
| // When configured as overwrite, overwrites any Server header with the contents of server_name. | |||
There was a problem hiding this comment.
in this section probably replace server_name with envoy? since we don't make it configurable (i think this was copied from the envoy docs)
| // Defines the action to be applied to the Server header on the response path | ||
| // When configured as overwrite, overwrites any Server header with the contents of server_name. | ||
| // When configured as append_if_absent, If no Server header is present, append Server server_name If a Server header is present, pass it through. | ||
| // When configured as pass_through, pPass through the value of the server header, and do not append a header if none is present. |
There was a problem hiding this comment.
| // When configured as pass_through, pPass through the value of the server header, and do not append a header if none is present. | |
| // When configured as pass_through, pass through the value of the server header, and do not append a header if none is present. |
| type ServerHeaderTransformationType string | ||
|
|
||
| const ( | ||
| // Overwrite any Server header with the contents of server_name. |
There was a problem hiding this comment.
maybe similar here with server_name
pkg/config/parameters.go
Outdated
| @@ -489,6 +505,14 @@ type Parameters struct { | |||
| // which strips duplicate slashes from request URL paths. | |||
| DisableMergeSlashes bool `yaml:"disableMergeSlashes,omitempty"` | |||
|
|
|||
| // Defines the action to be applied to the Server header on the response path | |||
| // When configured as overwrite, overwrites any Server header with the contents of server_name. | |||
There was a problem hiding this comment.
similar comment about server_name
Signed-off-by: Steve Kriss <krisss@vmware.com>
…rojectcontour#4906) Adds support for configuring Envoy's server header transformation, which customizes how Envoy treats the Server header on responses. The Server header can now be passed through as-is or only set to "envoy" if no other value is present, in addition to the default behavior of always setting the Server header to "envoy". Closes projectcontour#4359. Signed-off-by: Vishal Choudhary <contactvishaltech@gmail.com> Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Signed-off-by: Steve Kriss <krisss@vmware.com> Co-authored-by: Steve Kriss <krisss@vmware.com>
Signed-off-by: Vishal Choudhary contactvishaltech@gmail.com
adds
server_header_transformationon HTTPConnectionManagerFixes: #4359