Bug 1290643 - Wrong Forwarded Header format
Wrong Forwarded Header format
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing (Show other bugs)
Unspecified All
unspecified Severity medium
: ---
: ---
Assigned To: Ram Ranganathan
Depends On:
  Show dependency treegraph
Reported: 2015-12-10 21:34 EST by Qi Yong
Modified: 2016-05-11 18:52 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-26 14:19:45 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:0070 normal SHIPPED_LIVE Important: Red Hat OpenShift Enterprise 3.1.1 bug fix and enhancement update 2016-01-26 19:12:41 EST

  None (edit)
Description Qi Yong 2015-12-10 21:34:44 EST
Description of problem:
Customer JAVA application is based on Spring Hateoas [2].The HTTP "Forwarded" Header sent by the Router component does not follow the RFC [1]. It uses "," to separate elements instead of ";". So it does not work with customer's JAVA application either. 

Header von Openshift Router:
Forwarded: for=,proto=http,by=

According to RFC [1] it should be:
Forwarded: for=;proto=http;by=

[1] https://tools.ietf.org/html/rfc7239#page-4
[2] https://github.com/spring-projects/spring-hateoas/blob/master/src/main/java/org/springframework/hateoas/mvc/ForwardedHeader.java

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. oc rsh ROUTER-POD
2. vi /var/lib/haproxy/conf/haproxy.config
3. located "http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req

Actual results:
http-request set-header Forwarded for=%[src],host=%[req.hdr(host)],proto=%[req

Expected results:
http-request set-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req

Additional info:
Comment 1 Ram Ranganathan 2015-12-15 15:07:57 EST
Fixed with PR:  https://github.com/openshift/origin/pull/6327
Comment 2 Ram Ranganathan 2015-12-17 14:06:47 EST
PR merged into origin.
Comment 3 zhaozhanqi 2015-12-18 03:55:59 EST
Already verified this bug on origin, will move 'verified' this bug once it is merged to OSE.
Comment 4 zhaozhanqi 2015-12-22 04:17:53 EST
This bug has been fix in OSE with router image:

rcm-img-docker01.build.eng.bos.redhat.com:5001/openshift3/ose-haproxy-router                     v3.1.1.0            fac972949d0e        2 days ago          412.7 MB

]# curl header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  user-agent: curl/7.40.0
  host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  accept: */*
  x-forwarded-host: header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com
  x-forwarded-port: 80
  x-forwarded-proto: http
  forwarded: for=;host=header-test-insecure-zzhao1.1222-i7n.qe.rhcloud.com;proto=http
Comment 6 errata-xmlrpc 2016-01-26 14:19:45 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.