Skip to content

THREESCALE-10151 fix proxy policy doesn't send headers set by APIcast to the API Backend#1588

Open
tkan145 wants to merge 1 commit into
3scale:masterfrom
tkan145:THREESCALE-10151
Open

THREESCALE-10151 fix proxy policy doesn't send headers set by APIcast to the API Backend#1588
tkan145 wants to merge 1 commit into
3scale:masterfrom
tkan145:THREESCALE-10151

Conversation

@tkan145

@tkan145 tkan145 commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

What

Fix https://redhat.atlassian.net/browse/THREESCALE-10151

Verification steps:

  • Checkout this branch
  • Build new runtime-image
make runtime-image IMAGE_NAME=apicast-test
  • Get inside dev-envinroment
cd dev-environments/https-proxy-upstream-tlsv1.3/
  • Update apicast-config.json as follow
diff --git a/dev-environments/https-proxy-upstream-tlsv1.3/apicast-config.json b/dev-environments/https-proxy-upstream-tlsv1.3/apicast-config.json
index 5227c5aa..bf662f8a 100644
--- a/dev-environments/https-proxy-upstream-tlsv1.3/apicast-config.json
+++ b/dev-environments/https-proxy-upstream-tlsv1.3/apicast-config.json
@@ -4,6 +4,7 @@
       "id": "1",
       "backend_version": "1",
       "proxy": {
+        "secret_token": "token",
         "hosts": ["get.example.com"],
         "api_backend": "https://example.com/get",
         "backend": {
  • Start the gateway
make gateway IMAGE_NAME=apicast-test
  • Send a request
curl --resolve get.example.com:8080:127.0.0.1 -v "http://get.example.com:8080/?user_key=123"
  • You should see the secret token in the response
* Request completely sent off
< HTTP/1.1 200 OK
< Content-Type: application/json
< Transfer-Encoding: chunked
< Connection: keep-alive
< Date: Mon, 08 Jun 2026 03:19:35 GMT
< Server: WEBrick/1.6.1 (Ruby/2.7.4/2021-07-07)
<
{
  "method": "GET",
  "path": "/get",
  "query_string": "user_key=123",
  "body": "",
  "headers": {
    "X-3scale-Proxy-Secret-Token": "token",
    "User-Agent": "curl/8.15.0",
    "X-3scale-Debug": "",
    "Accept": "*/*",
    "Host": "example.com",
    "X-Real-Ip": "172.20.0.1",
    "Version": "HTTP/1.1"
  },
  "uuid": "c199b276-0856-4929-a0f4-3766d8c97b3b"

@tkan145 tkan145 requested a review from a team as a code owner June 8, 2026 03:20
@tkan145 tkan145 force-pushed the THREESCALE-10151 branch 2 times, most recently from 39d97e1 to 2ee10c8 Compare June 8, 2026 03:33
mayorova
mayorova reviewed Jun 10, 2026
View reviewed changes
Comment thread gateway/src/apicast/http_proxy.lua Outdated

local headers = ngx_req_get_headers(0, true)
headers["X-Real-IP"] = ngx.var.remote_addr
headers["X-3scale-debug"] = ""

@mayorova mayorova Jun 10, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
headers["X-3scale-debug"] = ""
headers["X-3scale-debug"] = nil

The corresponding proxy_set_header X-3scale-debug ""; does actually remove the header if it is present, but in Lua we need to set it to nil to remove.
Otherwise, an empty X-3scale-debug header will be added to the request, which, I understand, is not what we want (because the header is only intended for APIcast itself).

@tkan145 tkan145 Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed, thanks

mayorova
mayorova reviewed Jun 10, 2026
View reviewed changes
Comment thread gateway/src/apicast/http_proxy.lua Outdated
local res
res, err = httpc:request(request)

local inspect = require 'inspect'

@mayorova mayorova Jun 10, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess these lines need to be removed as they were probably just added for debugging.

@tkan145 tkan145 Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch, removed.

@tkan145 tkan145 force-pushed the THREESCALE-10151 branch from 2ee10c8 to 4f1ea19 Compare June 11, 2026 03:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mayorova mayorova mayorova left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tkan145 @mayorova