Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1878319

Summary: Having a trailing dot in the host when requesting a Route elicits an HTTP 503 response
Product: OpenShift Container Platform
Reporter: Miciah Dashiel Butler Masters <mmasters>
Component: Networking
Networking sub component: router
Assignee: Miciah Dashiel Butler Masters <mmasters>
QA Contact: Arvind iyengar <aiyengar>
Status: CLOSED ERRATA
Severity: low
Priority: low
CC: aiyengar, aos-bugs, hongli, sgreene
Version: 4.6
Target Release: 4.6.0
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Last Closed: 2020-10-27 16:40:12 UTC
Type: Bug

Description Miciah Dashiel Butler Masters 2020-09-11 23:07:39 UTC
Description of problem:

If I send an HTTP request for a Route to an ingress controller, and the request includes a trailing dot in the host name, then the ingress controller responds with an HTTP 503 error response.


Version-Release number of selected component (if applicable):

4.6.0-0.ci-2020-09-11-154332


How reproducible:

Easily.


Steps to Reproduce:

1. Create a test application Pod, Service, and Route:

    oc adm new-project hello-openshift
    oc -n hello-openshift create -f https://raw.githubusercontent.com/openshift/origin/master/examples/hello-openshift/hello-pod.json
    oc -n hello-openshift expose pod/hello-openshift
    oc -n hello-openshift expose svc/hello-openshift

2. Send an HTTP request to the Route created in Step 1 using the route's host *without* a trailing dot:

    INGRESS_DOMAIN="$(oc get ingress.config/cluster -o 'jsonpath={.spec.domain}')"
    curl -v http://hello-openshift-hello-openshift.${INGRESS_DOMAIN}/

3. Send an HTTP request to the Route using the route's host *with* a trailing dot:

    curl -v http://hello-openshift-hello-openshift.${INGRESS_DOMAIN}./


Actual results:

Step 2 results in an HTTP 200 response:

    % curl -v http://hello-openshift-hello-openshift.${INGRESS_DOMAIN}/
    * About to connect() to hello-openshift-hello-openshift.apps.ci-ln-5510vdk-f76d1.origin-ci-int-gce.dev.openshift.com port 80 (#0)
    *   Trying 35.185.121.200...
    * Connected to hello-openshift-hello-openshift.apps.ci-ln-5510vdk-f76d1.origin-ci-int-gce.dev.openshift.com (35.185.121.200) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: hello-openshift-hello-openshift.apps.ci-ln-5510vdk-f76d1.origin-ci-int-gce.dev.openshift.com
    > Accept: */*
    >
    < HTTP/1.1 200 OK
    < date: Fri, 11 Sep 2020 22:40:33 GMT
    < content-length: 17
    < content-type: text/plain; charset=utf-8
    < set-cookie: 5f0b3401a2c37e8a693db0102c7aba91=0a081daf523c9e92e77c522db9f297ad; path=/; HttpOnly
    < cache-control: private
    <
    Hello OpenShift!

Step 3 results in an HTTP 503 response:

    % curl -v http://hello-openshift-hello-openshift.${INGRESS_DOMAIN}./
    * About to connect() to hello-openshift-hello-openshift.apps.ci-ln-5510vdk-f76d1.origin-ci-int-gce.dev.openshift.com. port 80 (#0)
    *   Trying 35.185.121.200...
    * Connected to hello-openshift-hello-openshift.apps.ci-ln-5510vdk-f76d1.origin-ci-int-gce.dev.openshift.com. (35.185.121.200) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.29.0
    > Host: hello-openshift-hello-openshift.apps.ci-ln-5510vdk-f76d1.origin-ci-int-gce.dev.openshift.com.
    > Accept: */*
    >
    * HTTP 1.0, assume close after body
    < HTTP/1.0 503 Service Unavailable
    < pragma: no-cache
    < cache-control: private, max-age=0, no-cache, no-store
    < content-type: text/html
    <
    [...]


Expected results:

Both Step 2 and Step 3 should result in HTTP 200 responses.


Additional info:

RFC 7230, section 5.4, specifies that the HTTP "host" header value includes the URI host as defined in RFC 3986, section 3.2.2, which indicates that a trailing dot is permitted.
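
An added example, not part of the original report and not the OpenShift router's actual fix: a Go sketch of why an exact-match lookup on the raw Host header returns 503 for the trailing-dot form, and how normalizing the header first makes both forms resolve to the same route. The function names, the route table and the `apps.example.test` domain are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// normalizeHost turns an HTTP Host header value into a canonical lookup key.
// The port is dropped, case is folded, and one trailing dot (the absolute
// form of a DNS name, permitted by RFC 3986 section 3.2.2) is removed.
func normalizeHost(hostHeader string) string {
	host := hostHeader
	// SplitHostPort handles "name:port" and "[v6]:port"; an error means no port.
	if h, _, err := net.SplitHostPort(hostHeader); err == nil {
		host = h
	}
	host = strings.Trim(host, "[]") // bare IPv6 literal such as "[::1]"
	// Only one dot is stripped: "name.." is not a valid host and stays unmatched.
	return strings.TrimSuffix(strings.ToLower(host), ".")
}

// statusFor models a host-keyed route table (hypothetical, for illustration):
// 200 when the key matches a route, 503 when nothing matches.
func statusFor(routes map[string]string, hostHeader string, normalize bool) int {
	key := hostHeader
	if normalize {
		key = normalizeHost(hostHeader)
	}
	if _, ok := routes[key]; ok {
		return 200
	}
	return 503
}

func main() {
	// Constructed route table; apps.example.test is a placeholder ingress domain.
	routes := map[string]string{"hello-openshift-hello-openshift.apps.example.test": "hello-openshift"}
	for _, h := range []string{
		"hello-openshift-hello-openshift.apps.example.test",
		"hello-openshift-hello-openshift.apps.example.test.",
		"Hello-OpenShift-hello-openshift.apps.example.test.:80",
	} {
		fmt.Printf("%-56s exact=%d normalized=%d\n", h, statusFor(routes, h, false), statusFor(routes, h, true))
	}
}
```

The same normalization has to be applied at every point that compares host names (route admission, routing, access policy), otherwise two components can disagree about which route a request belongs to.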

Comment 2 Arvind iyengar 2020-09-16 09:06:45 UTC
The merge made it into the "4.6.0-0.nightly-2020-09-15-030633" release. The route remains reachable even with trailing dots added to it:
-----
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.nightly-2020-09-15-030633   True        False         21h     Cluster version is  4.6.0-0.nightly-2020-09-15-030633

$ curl -v http://hello-openshift-hello-openshift.${INGRESS_DOMAIN}./
*   Trying 3.131.240.35:80...
* TCP_NODELAY set
* Connected to hello-openshift-hello-openshift.apps.oc46-aiyengar-1509.qe.devcluster.openshift.com (3.131.240.35) port 80 (#0)
> GET / HTTP/1.1
> Host: hello-openshift-hello-openshift.apps.oc46-aiyengar-1509.qe.devcluster.openshift.com
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< date: Wed, 16 Sep 2020 08:59:50 GMT
< content-length: 17
< content-type: text/plain; charset=utf-8
< set-cookie: 5f0b3401a2c37e8a693db0102c7aba91=840cc41421b2785a61ff72c75f816a53; path=/; HttpOnly
< cache-control: private
< 
Hello OpenShift!
* Connection #0 to host hello-openshift-hello-openshift.apps.oc46-aiyengar-1509.qe.devcluster.openshift.com left intact
-----

Comment 5 errata-xmlrpc 2020-10-27 16:40:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196