Bug 1290643

Summary: Wrong Forwarded Header format
Product: OpenShift Container Platform Reporter: Qi Yong <yoqi>
Component: NetworkingAssignee: Ram Ranganathan <ramr>
Networking sub component: router QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: unspecified CC: aos-bugs, bleanhar, jokerman, pruan, wili
Version: 3.1.0   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-26 19:19:45 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Qi Yong 2015-12-11 02:34:44 UTC 
Description of problem:
Customer JAVA application is based on Spring Hateoas [2].The HTTP "Forwarded" Header sent by the Router component does not follow the RFC [1]. It uses "," to separate elements instead of ";". So it does not work with customer's JAVA application either. 

Sample:
Header von Openshift Router:
Forwarded: for=192.0.2.60,proto=http,by=203.0.113.43

According to RFC [1] it should be:
Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43

RFE:
[1] https://tools.ietf.org/html/rfc7239#page-4
[2] https://github.com/spring-projects/spring-hateoas/blob/master/src/main/java/org/springframework/hateoas/mvc/ForwardedHeader.java

Version-Release number of selected component (if applicable):
3.1

How reproducible:


Steps to Reproduce:
1. oc rsh ROUTER-POD
2. vi /var/lib/haproxy/conf/haproxy.config
3. located "http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req
.hdr(X-Forwarded-Proto)]"

Actual results:
http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req
.hdr(X-Forwarded-Proto)]

Expected results:
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req
.hdr(X-Forwarded-Proto)]


Additional info:
Comment 1 Ram Ranganathan 2015-12-15 20:07:57 UTC 
Fixed with PR:  https://github.com/openshift/origin/pull/6327
Comment 2 Ram Ranganathan 2015-12-17 19:06:47 UTC 
PR merged into origin.
Comment 3 zhaozhanqi 2015-12-18 08:55:59 UTC 
Already verified this bug on origin, will move 'verified' this bug once it is merged to OSE.
Comment 4 zhaozhanqi 2015-12-22 09:17:53 UTC 
This bug has been fix in OSE with router image:

rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-haproxy-router                     v3.1.1.0            fac972949d0e        2 days ago          412.7 MB


]# curl header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
<pre>
  user-agent: curl/7.40.0
  host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  accept: */*
  x-forwarded-host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  x-forwarded-port: 80
  x-forwarded-proto: http
  forwarded: for=10.66.136.57;host=header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com;proto=http
  x-forwarded-for: 10.66.136.57
</pre>
Comment 6 errata-xmlrpc 2016-01-26 19:19:45 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:0070