From f424d4aad1a9c8c5b096467079c3ad0ff4c7b135 Mon Sep 17 00:00:00 2001
From: "data-plane-api(CircleCI)" <data-plane-api@users.noreply.github.com>
Date: Tue, 8 Sep 2020 14:59:39 +0000
Subject: [PATCH] Added PGV constraint for serverName. (#12967)

Added PGV constraint to not allow

 in serverName.Currently, header doesn't allow
.

Risk Level: Low
Testing: config_test

Fixes #12709

Signed-off-by: Manish Kumar <manish.kumar1@india.nec.com>

Mirrored from https://github.com/envoyproxy/envoy @ 23df69ee53d0e0a68073885df27d8b893bd81eee
---
 .../http_connection_manager/v3/http_connection_manager.proto   | 3 ++-
 .../v4alpha/http_connection_manager.proto                      | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index ebb110fc..68c5c8ca 100644
--- a/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -298,7 +298,8 @@ message HttpConnectionManager {
 
   // An optional override that the connection manager will write to the server
   // header in responses. If not set, the default is *envoy*.
-  string server_name = 10;
+  string server_name = 10
+      [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
   // Defines the action to be applied to the Server header on the response path.
   // By default, Envoy will overwrite the header with the value specified in
diff --git a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
index 63191335..9db92927 100644
--- a/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
+++ b/envoy/extensions/filters/network/http_connection_manager/v4alpha/http_connection_manager.proto
@@ -297,7 +297,8 @@ message HttpConnectionManager {
 
   // An optional override that the connection manager will write to the server
   // header in responses. If not set, the default is *envoy*.
-  string server_name = 10;
+  string server_name = 10
+      [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
 
   // Defines the action to be applied to the Server header on the response path.
   // By default, Envoy will overwrite the header with the value specified in