Bug 1290643 - Wrong Forwarded Header format
Wrong Forwarded Header format
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing (Show other bugs)
3.1.0
Unspecified All
unspecified Severity medium
: ---
: ---
Assigned To: Ram Ranganathan
zhaozhanqi
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-10 21:34 EST by Qi Yong
Modified: 2016-05-11 18:52 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-01-26 14:19:45 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Qi Yong 2015-12-10 21:34:44 EST
Description of problem:
Customer JAVA application is based on Spring Hateoas [2].The HTTP "Forwarded" Header sent by the Router component does not follow the RFC [1]. It uses "," to separate elements instead of ";". So it does not work with customer's JAVA application either. 

Sample:
Header von Openshift Router:
Forwarded: for=192.0.2.60,proto=http,by=203.0.113.43

According to RFC [1] it should be:
Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43

RFE:
[1] https://tools.ietf.org/html/rfc7239#page-4
[2] https://github.com/spring-projects/spring-hateoas/blob/master/src/main/java/org/springframework/hateoas/mvc/ForwardedHeader.java

Version-Release number of selected component (if applicable):
3.1

How reproducible:


Steps to Reproduce:
1. oc rsh ROUTER-POD
2. vi /var/lib/haproxy/conf/haproxy.config
3. located "http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req
.hdr(X-Forwarded-Proto)]"

Actual results:
http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req
.hdr(X-Forwarded-Proto)]

Expected results:
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req
.hdr(X-Forwarded-Proto)]


Additional info:
Comment 1 Ram Ranganathan 2015-12-15 15:07:57 EST
Fixed with PR:  https://github.com/openshift/origin/pull/6327
Comment 2 Ram Ranganathan 2015-12-17 14:06:47 EST
PR merged into origin.
Comment 3 zhaozhanqi 2015-12-18 03:55:59 EST
Already verified this bug on origin, will move 'verified' this bug once it is merged to OSE.
Comment 4 zhaozhanqi 2015-12-22 04:17:53 EST
This bug has been fix in OSE with router image:

rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-haproxy-router                     v3.1.1.0            fac972949d0e        2 days ago          412.7 MB


]# curl header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
<pre>
  user-agent: curl/7.40.0
  host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  accept: */*
  x-forwarded-host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  x-forwarded-port: 80
  x-forwarded-proto: http
  forwarded: for=10.66.136.57;host=header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com;proto=http
  x-forwarded-for: 10.66.136.57
</pre>
Comment 6 errata-xmlrpc 2016-01-26 14:19:45 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:0070

Note You need to log in before you can comment on or make changes to this bug.