Bug 1816540 - [4.3] Forwarded header includes empty quoted proto-version parameter
Summary: [4.3] Forwarded header includes empty quoted proto-version parameter
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.3.z
Assignee: Miciah Dashiel Butler Masters
QA Contact: Arvind iyengar
URL:
Whiteboard:
Depends On: 1816544
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-24 09:08 UTC by Felipe M
Modified: 2023-10-06 19:29 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: When the ingress controller forwarded an HTTP request to an application, the ingress controller would add a Forwarded HTTP header with a non-standard "proto-version" parameter. Consequence: The Forwarded header was not standards-compliant, which could cause problems when applications tried to parse the header value. Fix: The ingress controller was modified not to specify any "proto-version" parameter in the Forwarded header. Result: The Forwarded header should now be standards-compliant.
Clone Of:
Environment:
Last Closed: 2020-07-14 16:11:52 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift router pull 105 0 None closed Bug 1816540: [4.3] Backport "remove proto-version header field" 2021-02-15 04:14:24 UTC
Red Hat Bugzilla 1803001 0 low CLOSED Forwarded header includes empty quoted proto-version parameter 2023-10-06 19:12:47 UTC
Red Hat Bugzilla 1816544 0 unspecified CLOSED [4.4] Forwarded header includes empty quoted proto-version parameter 2023-10-06 19:29:18 UTC
Red Hat Product Errata RHBA-2020:2872 0 None None None 2020-07-14 16:12:06 UTC

Internal Links: 1816544

Description Felipe M 2020-03-24 09:08:27 UTC 
Backport of bug report #1803001 to 4.3 (from 4.5) for the case I've been assisting.

Removes "proto-version" header field from the output since it's
not defined in the RFC.
Comment 2 Miciah Dashiel Butler Masters 2020-05-11 18:35:29 UTC 
The 4.3 backport is currently blocked on the 4.4 backport (bug 1816544), which needs to be QA'd before the 4.3 backport can merge.
Comment 3 Miciah Dashiel Butler Masters 2020-06-18 19:33:34 UTC 
The 4.3 backport is still blocked on the 4.4 backport, which is waiting for cherry-pick approval.  We'll continue to track these ports in the upcoming sprint.
Comment 8 Arvind iyengar 2020-07-06 05:01:13 UTC 
The PR was merged and made into "4.3.0-0.nightly-2020-07-03-062023" version. It is noted that "proto-version" is no more present in the haproxy config templates as intended:
----
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.3.0-0.nightly-2020-07-03-062023   True        False         10m     Cluster version is 4.3.0-0.nightly-2020-07-03-062023

$ oc -n openshift-ingress exec pod/router-default-69dc599c6c-f4d7d -- cat haproxy-config.template | grep proto 
http-request add-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
----
Comment 10 errata-xmlrpc 2020-07-14 16:11:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2872
Note You need to log in before you can comment on or make changes to this bug.