From d0353622597063b7eabc8cd827b942849e29de68 Mon Sep 17 00:00:00 2001
From: "data-plane-api(Azure Pipelines)"
Date: Wed, 7 Jul 2021 18:35:09 +0000
Subject: [PATCH] hcm: adding a knob for setting scheme (#17070)
Adding the option to override scheme
Risk Level: low (config guarded code)
Testing: unit testing
Docs Changes: n/a
Release Notes: inline
Part of #14587
Fixes #17105
Signed-off-by: Alyssa Wilk
Mirrored from https://github.com/envoyproxy/envoy @ fe8f2243b287feb2d6868a151e299e54c71036d3
---
 envoy/config/core/v3/protocol.proto | 8 ++++++++
 envoy/config/core/v4alpha/protocol.proto | 11 +++++++++++
 .../v3/http_connection_manager.proto | 7 ++++++-
 .../v4alpha/http_connection_manager.proto | 7 ++++++-
 4 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/envoy/config/core/v3/protocol.proto b/envoy/config/core/v3/protocol.proto
index cf98e537..d3b56a5e 100644
--- a/envoy/config/core/v3/protocol.proto
+++ b/envoy/config/core/v3/protocol.proto
@@ -478,3 +478,11 @@ message Http3ProtocolOptions {
 // `.
 google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 2;
 }
+
+// A message to control transformations to the :scheme header
+message SchemeHeaderTransformation {
+ oneof transformation {
+ // Overwrite any Scheme header with the contents of this string.
+ string scheme_to_overwrite = 1 [(validate.rules).string = {in: "http" in: "https"}];
+ }
+}
diff --git a/envoy/config/core/v4alpha/protocol.proto b/envoy/config/core/v4alpha/protocol.proto
index abfd1444..50c47f00 100644
--- a/envoy/config/core/v4alpha/protocol.proto
+++ b/envoy/config/core/v4alpha/protocol.proto
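Review bot: The `transformation` oneof of the new `SchemeHeaderTransformation` message in envoy/config/core/v3/protocol.proto carries no `option (validate.required) = true;`, so a message with nothing set presumably passes validation, and nothing says whether that means "no transformation" or a mistake in the config. Either add that option inside the oneof or say in the message comment what an empty message does. The `scheme_to_overwrite` comment should also name the accepted values, which are visible only in the validate rule: `// Overwrite any Scheme header with the contents of this string. Must be "http" or "https".` The identical message added in envoy/config/core/v4alpha/protocol.proto has the same gaps.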
@@ -478,3 +478,14 @@ message Http3ProtocolOptions {
 // `.
 google.protobuf.BoolValue override_stream_error_on_invalid_http_message = 2;
 }
+
+// A message to control transformations to the :scheme header
+message SchemeHeaderTransformation {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.config.core.v3.SchemeHeaderTransformation";
+
+ oneof transformation {
+ // Overwrite any Scheme header with the contents of this string.
+ string scheme_to_overwrite = 1 [(validate.rules).string = {in: "http" in: "https"}];
+ }
+}
diff --git a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 856249c2..97e7f420 100644
--- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -35,7 +35,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // HTTP connection manager :ref:`configuration overview `.
 // [#extension: envoy.filters.network.http_connection_manager]
-// [#next-free-field: 48]
+// [#next-free-field: 49]
 message HttpConnectionManager {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@@ -371,6 +371,11 @@ message HttpConnectionManager {
 ServerHeaderTransformation server_header_transformation = 34
 [(validate.rules).enum = {defined_only: true}];
+ // Allows for explicit transformation of the :scheme header on the request path.
+ // If not set, Envoy's default :ref:`scheme `
+ // handling applies.
+ config.core.v3.SchemeHeaderTransformation scheme_header_transformation = 48;
+
 // The maximum request headers size for incoming connections.
 // If unconfigured, the default max request headers allowed is 60 KiB.
 // Requests that exceed this limit will receive a 431 response.
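Review bot: The comment on `scheme_header_transformation` (field 48, second hunk of the v3 http_connection_manager.proto) names the knob but not the consequence of setting it: going by the `SchemeHeaderTransformation` comment, any :scheme the request carried is overwritten, so whatever reads :scheme after that point sees the configured value, not the client's. A caveat would help operators, e.g. `// When set, the configured value replaces whatever :scheme the request carried; only set it where that value is known to be accurate for traffic on this listener.` It would also be worth stating whether route matching and HTTP filters observe the original or the overwritten scheme, which this hunk does not show. `HttpConnectionManager` starts and ends outside the hunk. The same field comment is added in the v4alpha http_connection_manager.proto hunk and would need the same text.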
diff --git a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
index c9f4333f..70746c3b 100644
--- a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
@@ -33,7 +33,7 @@ option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSIO
 // HTTP connection manager :ref:`configuration overview `.
 // [#extension: envoy.filters.network.http_connection_manager]
-// [#next-free-field: 48]
+// [#next-free-field: 49]
 message HttpConnectionManager {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager";
@@ -373,6 +373,11 @@ message HttpConnectionManager {
 ServerHeaderTransformation server_header_transformation = 34
 [(validate.rules).enum = {defined_only: true}];
+ // Allows for explicit transformation of the :scheme header on the request path.
+ // If not set, Envoy's default :ref:`scheme `
+ // handling applies.
+ config.core.v4alpha.SchemeHeaderTransformation scheme_header_transformation = 48;
+
 // The maximum request headers size for incoming connections.
 // If unconfigured, the default max request headers allowed is 60 KiB.
 // Requests that exceed this limit will receive a 431 response.