Bug 1816544 - [4.4] Forwarded header includes empty quoted proto-version parameter
Summary: [4.4] Forwarded header includes empty quoted proto-version parameter
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 4.4.z
Assignee: Miciah Dashiel Butler Masters
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On: 1803001
Blocks: 1816540
TreeView+ depends on / blocked
 
Reported: 2020-03-24 09:11 UTC by Felipe M
Modified: 2020-06-29 15:34 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: When the ingress controller forwarded an HTTP request to an application, the ingress controller would add a Forwarded HTTP header with a non-standard "proto-version" parameter. Consequence: The Forwarded header was not standards-compliant, which could cause problems when applications tried to parse the header value. Fix: The ingress controller was modified not to specify any "proto-version" parameter in the Forwarded header. Result: The Forwarded header should now be standards-compliant.
Clone Of:
Environment:
Last Closed: 2020-06-29 15:33:54 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Github openshift router pull 106 None closed Bug 1816544: [4.4] Backport "remove proto-version header field" 2020-07-31 21:07:21 UTC
Red Hat Bugzilla 1803001 None None None 2020-03-24 09:11:53 UTC
Red Hat Bugzilla 1816540 None None None 2020-03-24 09:11:53 UTC
Red Hat Product Errata RHBA-2020:2713 None None None 2020-06-29 15:34:17 UTC

Internal Links: 1816540

Description Felipe M 2020-03-24 09:11:53 UTC 
Backport of bug report #1803001 to 4.3 (from 4.5) for the case I've been assisting.

Removes "proto-version" header field from the output since it's
not defined in the RFC.
Comment 1 Felipe M 2020-03-24 09:19:59 UTC 
This BZ targets 4.4, sorry about the typo in the first issue comment.
Comment 3 Miciah Dashiel Butler Masters 2020-05-14 17:02:06 UTC 
The 4.4 backport is currently blocked pending the cherry-pick-approved label.
Comment 4 Miciah Dashiel Butler Masters 2020-06-18 19:34:37 UTC 
The 4.4 backport remains blocked on cherry-pick approval.  We'll continue tracking it in the upcoming sprint.
Comment 7 Hongan Li 2020-06-22 09:43:24 UTC 
Verified with 4.4.0-0.nightly-2020-06-21-210301 and proto-version has been removed from the template.

sh-4.2$ grep proto haproxy-config.template -B1
  # See the quoting rules in https://tools.ietf.org/html/rfc7239 for IPv6 addresses (v4 addresses get translated to v6 when in hybrid mode)
  http-request add-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]
  {{- else }}
  http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)]

sh-4.2$ grep proto-version haproxy.config 
sh-4.2$
Comment 9 errata-xmlrpc 2020-06-29 15:33:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2713
Note You need to log in before you can comment on or make changes to this bug.