Bug 1803001
Summary: | Forwarded header includes empty quoted proto-version parameter | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Felipe M <fmarting> |
Component: | Networking | Assignee: | Daneyon Hansen <dhansen> |
Networking sub component: | router | QA Contact: | Hongan Li <hongli> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | low | ||
Priority: | low | CC: | aos-bugs, dmace, evadla, mmasters, shudili |
Version: | 4.2.0 | ||
Target Milestone: | --- | ||
Target Release: | 4.5.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause: When the ingress controller forwarded an HTTP request to an application, the ingress controller would add a Forwarded HTTP header with a non-standard "proto-version" parameter.
Consequence: The Forwarded header was not standards-compliant, which could cause problems when applications tried to parse the header value.
Fix: The ingress controller was modified not to specify any "proto-version" parameter in the Forwarded header.
Result: The Forwarded header should now be standards-compliant.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-07-13 17:15:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1816544 |
Description
Felipe M
2020-02-14 10:03:15 UTC
Good morning, thanks for the quick response! Will this be backported to 4.2? Thanks, F. verified with 4.5.0-0.nightly-2020-03-18-115438 and the `proto-version` header has been removed. $ oc -n openshift-ingress rsh router-default-565f46859f-qg2s8 sh-4.2$ grep proto haproxy-config.template -C 2 {{- if matchPattern "(v4)?v6" $router_ip_v4_v6_mode }} # See the quoting rules in https://tools.ietf.org/html/rfc7239 for IPv6 addresses (v4 addresses get translated to v6 when in hybrid mode) http-request add-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] {{- else }} http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] {{- end }} Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409 Hi team, whether/will this can be backported to 3.11. Regards, Eswar. |