Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sequential Proxy Backends Mutate Request Headers #959

Closed
mathewsheets opened this issue Jan 13, 2025 · 3 comments
Closed

Sequential Proxy Backends Mutate Request Headers #959

mathewsheets opened this issue Jan 13, 2025 · 3 comments
Assignees
@thedae
Labels
question

Comments

@mathewsheets
Copy link

Upgraded from v1.3.0 to 2.8.0, the capability to mutate the request headers in a backend with a lua script so that the next backend can access the mutated request headers no longer works for sequential proxy. Did v2 take away this capability, or is there a different approach I should take?
@thedae
Copy link
Member

thedae commented Jan 14, 2025

Hi @mathewsheets can you share the configuration you're using?

@mathewsheets
Copy link
Author

Thank you for following up. 2 configs attached; 1 for v1.3.0 and 1 for v2.8.0

krakend-1.3.0.json
krakend-2.8.0.json

The desired result is found in config for v1.3.0 and no longer works for config 2.8.0.

Thank you

@thedae thedae self-assigned this Jan 14, 2025
@thedae
Copy link
Member

thedae commented Jan 14, 2025

Yes, this is actually expected. As we move towards a more secure environment, no longer is possible to share the request headers between backends in a sequential flow.

Good news thou, we're currently working on a feature planned for 2.9 where you will be able to propagate parameters among backends without having to specify them in the url_pattern. I just tested your use case and it works as intended:

Endpoint config

    {
      "endpoint": "/",
      "method": "GET",
      "input_headers": [
        "Authorization"
      ],
      "extra_config": {
        "proxy": {
          "sequential": true,
          "sequential_propagated_params": ["resp0_clientToken"]
        }
      },
      "backend": [
        {
          "url_pattern": "/token",
          "method": "POST",
          "extra_config": {
            "modifier/lua-backend": {
              "pre": "local req = request.load(); print('#1 Authorization: ' .. req:headers('Authorization'));",
              "allow_open_libs": true
            }
          }
        },
        {
          "url_pattern": "/test",
          "method": "GET",
          "extra_config": {
            "modifier/lua-backend": {
              "pre": "local req = request.load(); local token = req:params('Resp0_clientToken'); if token then req:headers('Authorization', 'Bearer ' .. token); end print('#2 Authorization: ' .. req:headers('Authorization'))",
              "live": false,
              "allow_open_libs": true
            }
          }
        }
      ]
    }

The /token backend returns a clientToken field which gets propagated in the request params object.

Requesting / endpoint prints the following in the console:

#1 Authorization: Bearer original
#2 Authorization: Bearer some_other_token

... and the /test backend Authorization request header is correctly overwritten to Bearer some_other_token

We plan to release CE 2.9.0 in the following weeks :)

@thedae thedae closed this as completed Jan 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thedae thedae

Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mathewsheets @thedae