Uploaded image for project: 'Red Hat 3scale API Management'
  1. Red Hat 3scale API Management
  2. THREESCALE-6704

APIcast is stripping away If-Match and If-None-Match headers from requests

    XMLWordPrintable

Details

    • False
    • False
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Not Started
    • Yes
    • +
    • Undefined
    • Hide

      With the configuration `235` (attached),

      curl -k "https://lapicast-staging.apps-crc.testing:443/?user_key=b6..f42" -H "If-Match: anything" -v

      Returns:

      "headers": {
 "HTTP_VERSION": "HTTP/1.1",
 "HTTP_HOST": "echo-api.3scale.net",
 "HTTP_ACCEPT": "*/*",
 "HTTP_USER_AGENT": "curl/7.71.1",
 "HTTP_X_3SCALE_PROXY_SECRET_TOKEN": "Shared_secret_sent_from_proxy_to_API_backend_2a5ff0d049c54036",
 "HTTP_X_REAL_IP": "10.116.0.1",
 "HTTP_X_FORWARDED_FOR": "192.168.130.1, 10.0.103.196",
 "HTTP_X_FORWARDED_HOST": "echo-api.3scale.net",
 "HTTP_X_FORWARDED_PORT": "443",
 "HTTP_X_FORWARDED_PROTO": "https",
 "HTTP_FORWARDED": "for=10.0.103.196;host=echo-api.3scale.net;proto=https"
 }

      (in thie case the request reaches the upstream but the header was not delivered.

       

      With the configuration `236` (attached),

      curl -k "https://lapicast-staging.apps-crc.testing:443/?user_key=b6e6c4e80ce1fe048464f4c6d1d8af42" -H "If-Match: anything"
<html>
<head><title>412 Precondition Failed</title></head>
<body>
<center><h1>412 Precondition Failed</h1></center>
<hr><center>openresty</center>
</body>
</html>

      (here the 412 is coming from APIcast)

      Show
      With the configuration `235` (attached), curl -k "https: //lapicast-staging.apps-crc.testing:443/?user_key=b6..f42" -H "If-Match: anything" -v Returns: "headers" : { "HTTP_VERSION" : "HTTP/1.1" , "HTTP_HOST" : "echo-api.3scale.net" , "HTTP_ACCEPT" : "*/*" , "HTTP_USER_AGENT" : "curl/7.71.1" , "HTTP_X_3SCALE_PROXY_SECRET_TOKEN" : "Shared_secret_sent_from_proxy_to_API_backend_2a5ff0d049c54036" , "HTTP_X_REAL_IP" : "10.116.0.1" , "HTTP_X_FORWARDED_FOR" : "192.168.130.1, 10.0.103.196" , "HTTP_X_FORWARDED_HOST" : "echo-api.3scale.net" , "HTTP_X_FORWARDED_PORT" : "443" , "HTTP_X_FORWARDED_PROTO" : "https" , "HTTP_FORWARDED" : " for =10.0.103.196;host=echo-api.3scale.net;proto=https" } (in thie case the request reaches the upstream but the header was not delivered.   With the configuration `236` (attached), curl -k "https: //lapicast-staging.apps-crc.testing:443/?user_key=b6e6c4e80ce1fe048464f4c6d1d8af42" -H "If-Match: anything" <html> <head><title>412 Precondition Failed</title></head> <body> <center><h1>412 Precondition Failed</h1></center> <hr><center>openresty</center> </body> </html> (here the 412 is coming from APIcast)

    Description

      Regardless of the configuration and policies involved, APIcast is removingto the `If-Match` and `If-None-Match` headers from requests.
      With certain upstreams, APIcast returns the following response instead of forwarding the request to upstream:

      <html>
<head><title>412 Precondition Failed</title></head>
<body>
<center><h1>412 Precondition Failed</h1></center>
<hr><center>openresty</center>
</body>
</html>

      APIcast shouldn't modify (or be affected by) the request headers, the client should be able to send the headers to the upstream API.

      Attached example configuration.

      It seems that this was introduced in 2.9.

      Attachments

        1. apicast-config-api-sandbox-235.json
          3 kB
          Samuele Illuminati
        2. apicast-config-api-sandbox-236.json
          3 kB
          Samuele Illuminati

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. THREESCALE-7514 Nginx filter policy is not working as expected when using content-caching

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              Unassigned Unassigned
              rhn-support-sillumin Samuele Illuminati (Inactive)
              David Rajnoha David Rajnoha (Inactive)
              Eloy Coto Eloy Coto (Inactive)
              Eloy Coto Eloy Coto (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: