ingress-nginx
ingress-nginx copied to clipboard
kubernetes
NGINX: add X-Original-Forwarded-Host header
adds the equivalent of the existing X-Original-Forwarded-For header but for the X-Forwarded-Host instead. typically helps in the context of configuration snippet deprecation, as there is currently no safe way to add this header when it was already set upstream
What this PR does / why we need it:
with nginx controller version 1.12.0, configuration snippets are considered Critical per default and not allowed anymore. as a result, some users who relied on config snippets to set an X-Original-Forwarded-Host header are left without a solution.
this PR adds the X-Original-Forwarded-Host per default, akin to the existing X-Original-Forwarded-For header. Those headers are used to pass the original X-Forwarded-{For,Host} further to the upstream.
ℹ️ it would be nice to cherry-pick this commit back to release/v1.12 if it gets merged.
Types of changes
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] CVE Report (Scanner found CVE and adding report)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [ ] Documentation only
How Has This Been Tested?
I tested the implementation locally and added an e2e test to cover this new header.
Checklist:
- [ ] My change requires a change to the documentation.
- [ ] I have updated the documentation accordingly.
- [x] I've read the CONTRIBUTION guide
- [x] I have added unit and/or e2e tests to cover my changes.
- [x] All new and existing tests passed.
Hi @clementnuss. Thanks for your PR.
I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
Deploy Preview for kubernetes-ingress-nginx canceled.
| Name | Link |
|---|---|
| Latest commit | 070fdfc80ee9bdb039eae5f28c3f4edd6a2a42a8 |
| Latest deploy log | https://app.netlify.com/sites/kubernetes-ingress-nginx/deploys/68220ea18900de0008b59077 |
![netlify[bot] avatar](https://avatars.githubusercontent.com/in/13473?v=4 "Published by a pub.dev verified publisher"){kind=small}
I modified a series of test that were using assert.Contains(...,"host=myhost") and switched to using a regexp that checks whether we have a whitespace before host, as otherwise the new x-original-forwarded-host=myhost header will trigger the Contains expression.
the logic can be checked here: https://go.dev/play/p/cgkKxJZtCCp
in the current state I believe that the tests should pass, the one that failed looks like a false positive to me.
also sorry for abusing github action to run the tests, but locally on my arm64 mac it was complicated to run the e2e tests.
hi @Gacko
sorry for the ping, I would just need to know whether there's a chance this PR gets merged or not (even if it only lands in 1.13).
then based on your feedback, we will have to decide wether we keep allowing configuration snippet as fallback 😟 to generate this X-Original-Forwarded-Host header, or if we start building a custom nginx release until this PR gets merged 🤞🏼
also please let me know if it needs more tests or anything else.
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: clementnuss, Gacko
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [Gacko]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment