You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
However, when we implement configurable access logging or start using NGINX variables in other places, it can create problems, if users uses the request header with the name matches.
For example, consider the following NGINX configurations and curl requests:
server {
listen80;
set$http_matches"my-value";
return200"$http_matches\n";
}
curl localhost -H "matches: 123"
my-value
server {
listen80;
#set $http_matches "my-value";return200"$http_matches\n";
}
curl localhost -H "matches: 123"
123
The text was updated successfully, but these errors were encountered:
mpstefan
added
tech-debt
Short-term pain, long-term benefit
backlog
Currently unprioritized work. May change with user feedback or as the product progresses.
labels
Apr 18, 2024
To implement complex routing rules like
nginx-gateway-fabric/examples/advanced-routing/cafe-routes.yaml
Lines 18 to 30 in 03e24fe
$http_matches
to pass it to njs code for further processing.Unfortunately,
$http_
variable is a built-in variable used to look up headers - https://nginx.org/en/docs/http/ngx_http_core_module.html#var_http_` , which can override the original header value and create problems.Note: right now, it doesn't cause any problems - because njs code gets access to headers separately through r.headersIn
nginx-gateway-fabric/internal/mode/static/nginx/modules/src/httpmatches.js
Line 109 in 03e24fe
However, when we implement configurable access logging or start using NGINX variables in other places, it can create problems, if users uses the request header with the name
matches
.For example, consider the following NGINX configurations and curl requests:
The text was updated successfully, but these errors were encountered: