Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity

ext_authz: Use 403 as default for denied response (#18010)

Browse Source 
Before this, when a gRPC server sends out DeniedResponse as a check
response for a request but without setting the
HttpResponse.DeniedResponse.Status, HTTP ext_authz filter translates
that as "0" (empty/unknown HTTP status code). This patch makes sure we
reply with a valid 403 Forbidden HTTP status code (the current default
status code for denied response).

Signed-off-by: Dhi Aurrahman <dio@rockybars.com>

Mirrored from https://github.com/envoyproxy/envoy @ e3af0943fff8444660a797cce6a78fd956e3c2cf
pull/624/head
data-plane-api(Azure Pipelines) 3 years ago
parent dd7cde1c7b
commit f6118febc7
1 changed files with 6 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      envoy/service/auth/v3/external_auth.proto

10
envoy/service/auth/v3/external_auth.proto
Unescape View File

@ -46,9 +46,9 @@ message DeniedHttpResponse {
option (udpa.annotations.versioning).previous_message_type =
"envoy.service.auth.v2.DeniedHttpResponse";
// This field allows the authorization service to send a HTTP response status
// code to the downstream client other than 403 (Forbidden).
type.v3.HttpStatus status = 1 [(validate.rules).message = {required: true}];
// This field allows the authorization service to send an HTTP response status code to the
// downstream client. If not set, Envoy sends ``403 Forbidden`` HTTP status code by default.
type.v3.HttpStatus status = 1;
// This field allows the authorization service to send HTTP response headers
// to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to
@ -110,7 +110,9 @@ message CheckResponse {
option (udpa.annotations.versioning).previous_message_type =
"envoy.service.auth.v2.CheckResponse";
// Status `OK` allows the request. Any other status indicates the request should be denied.
// Status `OK` allows the request. Any other status indicates the request should be denied, and
// for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>`
// Envoy sends ``403 Forbidden`` HTTP status code by default.
google.rpc.Status status = 1;
// An message that contains HTTP response attributes. This message is

Write Preview
Loading…
Cancel
Save