From 403ae88f9c0804c53bf55f6611912afe5ca00c33 Mon Sep 17 00:00:00 2001
From: "data-plane-api(CircleCI)" <data-plane-api@users.noreply.github.com>
Date: Mon, 27 Jan 2020 22:40:22 +0000
Subject: [PATCH] ext_authz: Skip setting content-length when it is part of the
 allowed headers (#9718)

In ext_authz HTTP implementation, when user set content-length as one of
the allowed headers patterns as part of request authorization, we should
skip setting it since it is already configured at initialization and the
value depends on the request_size.

Signed-off-by: Dhi Aurrahman <dio@tetrate.io>

Mirrored from https://github.com/envoyproxy/envoy @ aaf67bba8c0fd245dbdd41b7c9eef6639ecbfa0d
---
 envoy/config/filter/http/ext_authz/v2/ext_authz.proto      | 6 +++++-
 envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
index d80ca7f4..a67e4dd6 100644
--- a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@@ -166,7 +166,11 @@ message AuthorizationRequest {
   // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
   //
   // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
-  // a message body.
+  // a message body. However, the authorization request can include the buffered client request body
+  // (controlled by :ref:`with_request_body
+  // <envoy_api_field_config.filter.http.ext_authz.v2.ExtAuthz.with_request_body>` setting),
+  // consequently the value of *Content-Length* of the authorization request reflects the size of
+  // its payload size.
   //
   type.matcher.ListStringMatcher allowed_headers = 1;
 
diff --git a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
index f855a9e7..747378d9 100644
--- a/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
+++ b/envoy/extensions/filters/http/ext_authz/v3/ext_authz.proto
@@ -175,7 +175,11 @@ message AuthorizationRequest {
   // 1. *Host*, *Method*, *Path* and *Content-Length* are automatically included to the list.
   //
   // 2. *Content-Length* will be set to 0 and the request to the authorization service will not have
-  // a message body.
+  // a message body. However, the authorization request can include the buffered client request body
+  // (controlled by :ref:`with_request_body
+  // <envoy_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.with_request_body>` setting),
+  // consequently the value of *Content-Length* of the authorization request reflects the size of
+  // its payload size.
   //
   type.matcher.v3.ListStringMatcher allowed_headers = 1;