Description of problem: Pull request #8 for openshift/router [1] changed the haproxy template Forwarded header for it to contain quotes on the proto-version field value even when this value was empty. Acording to PR author, this is defined on RFC7239, and field value components are defined in RFC7230 Section 3.2.6 [2] The definition for this field values specify that the length of the value must be more than one character. [2] token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ; any VCHAR, except delimiters [1] https://github.com/openshift/router/pull/8 [2] https://tools.ietf.org/html/rfc7230#section-3.2.6
Good morning, thanks for the quick response! Will this be backported to 4.2? Thanks, F.
verified with 4.5.0-0.nightly-2020-03-18-115438 and the `proto-version` header has been removed. $ oc -n openshift-ingress rsh router-default-565f46859f-qg2s8 sh-4.2$ grep proto haproxy-config.template -C 2 {{- if matchPattern "(v4)?v6" $router_ip_v4_v6_mode }} # See the quoting rules in https://tools.ietf.org/html/rfc7239 for IPv6 addresses (v4 addresses get translated to v6 when in hybrid mode) http-request add-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] {{- else }} http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] {{- end }}
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409
Hi team, whether/will this can be backported to 3.11. Regards, Eswar.