http1: do not add transfer-encoding: chunked to 1xx/204 responses#11458
Merged
zuercher merged 6 commits intoJun 10, 2020
Merged
Conversation
Follow-on to envoyproxy#10811. The previous change would strip the transfer-encoding: chunked header if returned by an upstream during upgrade, but the http/1.1 codec adds the header back. RFC 7230, Section 3.3.1 requires that no such header appear in a 1xx response. Additional Description: Unfortunately in the first attempt I failed to realize that transfer-encoding is handled in the HTTP/1 codec. Adds checks and a flag in that codec to disable adding transfer-encoding: chunked to 1xx responses. Risk Level: low Testing: updated tests Docs Changes: n/a Release Notes: n/a Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Member
Author
|
/azp run envoy-presubmit |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
alyssawilk
reviewed
Jun 8, 2020
Contributor
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
Ugh, sorry I didn't catch this either and thanks for the follow-up fix!
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
alyssawilk
reviewed
Jun 9, 2020
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
alyssawilk
previously approved these changes
Jun 9, 2020
Contributor
alyssawilk
left a comment
alyssawilk
left a comment
There was a problem hiding this comment.
LGTM but I'd bump the risk level to medium now that this is more substantial.
Member
Author
|
/azp run envoy-presubmit |
|
Azure Pipelines successfully started running 1 pipeline(s). |
Member
Author
|
@mattklein123 do you want to look at this as well? |
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Member
|
Sure will take a quick look tomorrow. |
mattklein123
previously approved these changes
Jun 10, 2020
Member
mattklein123
left a comment
mattklein123
left a comment
There was a problem hiding this comment.
LGTM with one comment/question.
| // Enabling handling of https://tools.ietf.org/html/rfc7230#section-3.3.1 and | ||
| // https://tools.ietf.org/html/rfc7230#section-3.3.2. Also resets these flags | ||
| // if a 100 Continue is followed by another status. | ||
| setIs1xx(numeric_status < 200); |
Member
There was a problem hiding this comment.
I vaguely recall asking @alyssawilk this when the above code was written, but can't we just pass some state directly into encodeHeadersBase such as bool never_chunk_encode and avoid the indirection with member variables? It seems simpler to understand but I don't feel strongly about it. The base function already has request/response specific logic also so it seems not even terrible to just pass the is_1xx_response and is_204_response directly also, but a generic bool seems better.
Member
Author
There was a problem hiding this comment.
I'll take a look at this, but in another PR, if that's ok with everyone. I think the right thing to do will be to split up this chunk of logic in a way that lets us break this up -- parts of it are really only applicable to responses.
Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
Member
Author
|
Merged master to resolve a conflict. |
alyssawilk
approved these changes
Jun 10, 2020
zuercher
added a commit
to zuercher/envoy
that referenced
this pull request
Jun 23, 2020
Commit Message: Some flags in the StreamEncoderImpl are only necessary for the duration of calls to encodeHeadersBase. Remove the fields and pass response status as an optional value rather than setting fields ahead of the encodeHeadersBase call. Additional Description: This refactoring was promised during review of envoyproxy#11458. This is a little more complicated than passing a never-chunk-encode bool since the behavior also covers content-length and may be partially disabled via the runtime flag added in 11458. Assigned risk level medium because its the h1 encoder. Risk Level: medium Testing: existing tests pass Doc Changes: n/a Release Note: n/a Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
yashwant121
pushed a commit
to yashwant121/envoy
that referenced
this pull request
Jun 24, 2020
…voyproxy#11458) Follow-on to envoyproxy#10811. The previous change would strip the transfer-encoding: chunked header if returned by an upstream during upgrade, but the http/1.1 codec adds the header back. RFC 7230, Section 3.3.1 requires that no such header appear in a 1xx or 204 response. Use runtime feature "envoy.reloadable_features.strict_1xx_and_204_response_headers" to disable. Risk Level: medium Testing: updated tests Docs Changes: n/a Release Notes: updated Signed-off-by: Stephan Zuercher <zuercher@gmail.com> Signed-off-by: yashwant121 <yadavyashwant36@gmail.com>
songhu
pushed a commit
to songhu/envoy
that referenced
this pull request
Jun 25, 2020
…voyproxy#11458) Follow-on to envoyproxy#10811. The previous change would strip the transfer-encoding: chunked header if returned by an upstream during upgrade, but the http/1.1 codec adds the header back. RFC 7230, Section 3.3.1 requires that no such header appear in a 1xx or 204 response. Use runtime feature "envoy.reloadable_features.strict_1xx_and_204_response_headers" to disable. Risk Level: medium Testing: updated tests Docs Changes: n/a Release Notes: updated Signed-off-by: Stephan Zuercher <zuercher@gmail.com>
davidraskin
added a commit
to davidraskin/envoy
that referenced
this pull request
Jul 21, 2020
…nses (envoyproxy#11458)" This reverts commit 353c216. Signed-off-by: davidraskin <draskin@google.com>
davidraskin
added a commit
to davidraskin/envoy
that referenced
this pull request
Jul 21, 2020
…04 responses (envoyproxy#11458)"" This reverts commit c3e9321fa65ce3b2ff52c9040a01cc8e04a796b9. Signed-off-by: davidraskin <draskin@google.com>
yashwant121
pushed a commit
to yashwant121/envoy
that referenced
this pull request
Jul 24, 2020
…voyproxy#11458) Follow-on to envoyproxy#10811. The previous change would strip the transfer-encoding: chunked header if returned by an upstream during upgrade, but the http/1.1 codec adds the header back. RFC 7230, Section 3.3.1 requires that no such header appear in a 1xx or 204 response. Use runtime feature "envoy.reloadable_features.strict_1xx_and_204_response_headers" to disable. Risk Level: medium Testing: updated tests Docs Changes: n/a Release Notes: updated Signed-off-by: Stephan Zuercher <zuercher@gmail.com> Signed-off-by: yashwant121 <yadavyashwant36@gmail.com>
This was referenced Jan 11, 2021
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Commit Message:
Follow-on to #10811. The previous change would strip the
transfer-encoding: chunked header if returned by an upstream
during upgrade, but the http/1.1 codec adds the header back.
RFC 7230, Section 3.3.1 requires that no such header appear
in a 1xx or 204 response.
Additional Description:
Unfortunately in the first attempt I failed to realize that transfer-encoding
is re-added in the HTTP/1 codec. Adds checks and a flag in that codec to
disable adding transfer-encoding: chunked to 1xx/204 responses.
Risk Level: medium, http behavior made stricter
Testing: updated tests
Docs Changes: n/a
Release Notes: added
Signed-off-by: Stephan Zuercher zuercher@gmail.com