
Host header copied to tickets

Open KrKOo opened this issue 1 year ago • 4 comments

Hello, I've encountered an issue while configuring an htsget server with UrlStorage and forward_headers enabled. When sending a request to the server, the Host header of the request naturally includes the hostname of the htsget server. However, since all headers are directly copied to the response ticket, the Host header is also included. This could lead to problems, as the resource servers reside on different hosts, causing requests with these headers to fail.

A simple working fix could look like this commit, which lets the client correctly autofill the Host header.

A configurable whitelist/blacklist of forwarded headers could probably also be a good idea(?)

KrKOo avatar Apr 30 '24 13:04 KrKOo
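The filtering proposed in the comment above, sketched as an added example (not code from the issue, the linked commit, or htsget-rs itself). `HeaderPolicy` and `ticket_headers` are hypothetical names, and the sample headers are constructed.

```rust
use std::collections::BTreeMap;

/// Hypothetical policy type; the project's real configuration may differ.
pub enum HeaderPolicy {
    /// Forward every header except the listed names.
    Deny(Vec<String>),
    /// Forward only the listed names.
    Allow(Vec<String>),
}

// Header names are case-insensitive, so compare without regard to case.
fn contains(list: &[String], name: &str) -> bool {
    list.iter().any(|n| n.eq_ignore_ascii_case(name))
}

impl HeaderPolicy {
    fn permits(&self, name: &str) -> bool {
        match self {
            HeaderPolicy::Deny(list) => !contains(list, name),
            HeaderPolicy::Allow(list) => contains(list, name),
        }
    }
}

/// Build the header map for a ticket URL from the incoming request headers.
pub fn ticket_headers(request: &[(&str, &str)], policy: &HeaderPolicy) -> BTreeMap<String, String> {
    request
        .iter()
        // Host names the htsget server, not the resource server, so it is
        // dropped even if an allow list mentions it; the client fills it in.
        .filter(|(name, _)| !name.eq_ignore_ascii_case("host"))
        .filter(|(name, _)| policy.permits(name))
        .map(|(name, value)| (name.to_ascii_lowercase(), value.to_string()))
        .collect()
}

fn main() {
    // Constructed sample request headers.
    let request = [
        ("Host", "htsget.example.org"),
        ("Authorization", "Bearer constructed-token"),
        ("User-Agent", "curl/8.0"),
    ];
    let policy = HeaderPolicy::Deny(vec!["user-agent".to_string()]);
    for (name, value) in ticket_headers(&request, &policy) {
        println!("{name}: {value}");
    }
}
```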

Hello @KrKOo, thanks for opening your issue and sorry for the delay in answering, I wanted to discuss this with my colleague @mmalenic first. Turns out that what you point out for Host can be applied to other headers as well and could be really useful for everybody using htsget-rs. Would you be interested in opening a PR that allows removing/replacing arbitrary headers? I'll make sure to reply and review it quickly!

Also, we're interested in your particular use case for htsget-rs and where you found the problem you describe: i.e. are you running it with a load balancer on the resource servers, and is that where you see the problem with multiple hosts?

brainstorm avatar May 06 '24 02:05 brainstorm

Sure, I'm a bit busy at the moment but I can make the PR next week, if that works for you.

Yes, we are running htsget-rs and the resource server on Kubernetes behind a load balancer and that's what's blocking those requests. The resource server is an instance of sensitive-data-archive.

KrKOo avatar May 06 '24 09:05 KrKOo

> Sure, I'm a bit busy at the moment but I can make the PR next week, if that works for you.
>
> Yes, we are running htsget-rs and the resource server on Kubernetes behind a load balancer and that's what's blocking those requests. The resource server is an instance of sensitive-data-archive.

No rush and contributions are always welcome, thanks so much! Also, didn't know this was part of NeIC, thanks for telling!

brainstorm avatar May 06 '24 09:05 brainstorm

Thanks for opening the issue @KrKOo, that's a useful fix/feature. As @brainstorm said, feel free to open a PR for this. No rush, contributions are always welcome 🙂.

mmalenic avatar May 06 '24 10:05 mmalenic

I think this is closed now with #246. Thanks for the PR again, and let us know if there are any other issues that come up.

mmalenic avatar May 30 '24 23:05 mmalenic