Verified in "4.9.0-0.nightly-2021-06-19-034606" release version. With this payload, it is observed that the haproxy template now allows the header to be case insensitive and include spaces: ------- oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.9.0-0.nightly-2021-06-19-034606 True False 52m Cluster version is 4.9.0-0.nightly-2021-06-19-034606 apiVersion: route.openshift.io/v1 kind: Route metadata: annotations: haproxy.router.openshift.io/hsts_header: max-age=31536000; includeSubDomains; preload openshift.io/host.generated: "true" creationTimestamp: "2021-06-21T06:14:57Z" router config after change: oc -n openshift-ingress exec router-default-6fc58fcbf7-999ql -- grep -i "openshift-console:console" haproxy.config -A15 backend be_secure:openshift-console:console mode http option redispatch option forwardfor balance timeout check 5000ms http-request add-header X-Forwarded-Host %[req.hdr(host)] http-request add-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto http if !{ ssl_fc } http-request add-header X-Forwarded-Proto https if { ssl_fc } http-request add-header X-Forwarded-Proto-Version h2 if { ssl_fc_alpn -i h2 } http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] cookie 1e2670d92730b515ce3a1bb65da45062 insert indirect nocache httponly secure attr SameSite=None http-response set-header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' <----- server pod:console-d8b7db956-nmlps:console:https:10.129.0.36:8443 10.129.0.36:8443 cookie a831362b9b1fbe613d289a244f2ed573 weight 256 ssl verifyhost console.openshift-console.svc verify required ca-file /var/run/configmaps/service-ca/service-ca.crt check inter 5000ms curl -sIk https://console-openshift-console.apps.aiyengar49bz.qe.devcluster.openshift.com | grep -i strict strict-transport-security: max-age=31536000; includeSubDomains; preload -------
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:3759