From d0d907d784c43ff396772a50fe5f059dbb883509 Mon Sep 17 00:00:00 2001 From: "data-plane-api(CircleCI)" Date: Fri, 3 Aug 2018 21:23:35 +0000 Subject: [PATCH] upstream: require opt-in for the x-envoy-original-dst-host header. (#4046) *Risk Level*: Low *Testing*: bazel test //test/... *Docs Changes*: Added *Release Notes*: Added Signed-off-by: Piotr Sikora Mirrored from https://github.com/envoyproxy/envoy @ 346059548e135199eb0b7f0006f3ef19e173bf79 --- envoy/api/v2/cds.proto | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/envoy/api/v2/cds.proto b/envoy/api/v2/cds.proto index e23cda0c..64b2810c 100644 --- a/envoy/api/v2/cds.proto +++ b/envoy/api/v2/cds.proto @@ -46,7 +46,7 @@ service ClusterDiscoveryService { // [#protodoc-title: Clusters] // Configuration for a single upstream cluster. -// [#comment:next free field: 34] +// [#comment:next free field: 35] message Cluster { // Supplies the name of the cluster which must be unique across all clusters. // The cluster name is used when emitting @@ -394,6 +394,22 @@ message Cluster { DeprecatedV1 deprecated_v1 = 2 [deprecated = true]; } + // Specific configuration for the + // :ref:`Original Destination ` + // load balancing policy. + message OriginalDstLbConfig { + // When true, :ref:`x-envoy-orignal-dst-host + // ` can be used to override destination + // address. + // + // .. attention:: + // + // This header isn't sanitized by default, so enabling this feature allows HTTP clients to + // route traffic to arbitrary hosts and/or ports, which may have serious security + // consequences. + bool use_http_header = 1; + } + // Optional configuration for the load balancing algorithm selected by // LbPolicy. Currently only // :ref:`RING_HASH` 
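Review bot: The doc comment on `use_http_header` in the new `OriginalDstLbConfig` message spells the header `x-envoy-orignal-dst-host`, while the commit subject names it `x-envoy-original-dst-host`. Operators searching logs or filter rules for the documented name would miss the real header, so the name inside the `:ref:` should be corrected. The `.. attention::` block states the risk (clients can steer traffic to arbitrary hosts and ports, including addresses reachable only from the proxy) but not the condition under which enabling it is safe. I would add a line such as `// Only enable this when the header is removed or overwritten on requests from untrusted downstreams.` and state that the field is false when unset, so the opt-in default is explicit. The `:ref:` targets appear stripped in this view, so confirm they still resolve in the rendered docs.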
@@ -404,6 +420,8 @@ message Cluster { oneof lb_config { // Optional configuration for the Ring Hash load balancing policy. RingHashLbConfig ring_hash_lb_config = 23; + // Optional configuration for the Original Destination load balancing policy. + OriginalDstLbConfig original_dst_lb_config = 34; } // Common configuration for all load balancer implementations.
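Review bot: The comment on the new `original_dst_lb_config` member of `oneof lb_config` does not say which `lb_policy` it belongs to, or what happens when it is set on a cluster that uses a different policy. Because the field gates a security-sensitive header override, a silently ignored or misapplied setting is worth ruling out. I would extend the comment to something like `// Only used when lb_policy is ORIGINAL_DST_LB.`, and check that the consuming code rejects or ignores it otherwise. The comment above the oneof, visible as trailing context in the previous hunk, still reads `Currently only` RING_HASH; it is cut off at the hunk edge, but it looks stale now that a second policy has configuration. The enclosing `Cluster` message continues outside this hunk.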