Copilot commented on code in PR #13333:
URL: https://github.com/apache/trafficserver/pull/13333#discussion_r3475757568
##########
plugins/authproxy/authproxy.cc:
##########
@@ -296,6 +296,16 @@ AuthWriteHeadRequest(AuthRequestContext *auth)
// Next, we need to rewrite the client request URL to be a HEAD request.
TSReleaseAssert(TSHttpHdrMethodSet(rq.buffer, rq.header,
TS_HTTP_METHOD_HEAD, -1) == TS_SUCCESS);
+ // This sub-request is bodyless (HEAD + Content-Length: 0), but the copied
+ // client request may carry request-body framing (e.g. a chunked POST or
+ // Expect: 100-continue). Left in place it is self-contradictory: ATS sets up
+ // a request-body tunnel for a body that never arrives (stalling the probe
+ // until timeout), and proxy.config.http.reject_head_with_content rejects a
+ // HEAD that declares content. Strip the framing when forcing
Content-Length: 0.
+ HttpRemoveMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_TRANSFER_ENCODING);
+ HttpRemoveMimeHeader(rq.buffer, rq.header, "Trailer");
+ HttpRemoveMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_EXPECT);
+
HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CONTENT_LENGTH, 0u);
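Review bot: The Transfer-Encoding and Expect strips ahead of the Content-Length: 0 set only make this HEAD probe bodyless if HttpRemoveMimeHeader() deletes every instance of the named field. A client can send Transfer-Encoding as repeated header lines, and one surviving copy would leave the request-body tunnel stall that the new comment describes. Please confirm the helper walks duplicates (or loop until the field is no longer found), and consider a regression test that drives a chunked POST through this path with proxy.config.http.reject_head_with_content enabled.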
Review Comment:
This sub-request is being normalized to bodyless, but only
Transfer-Encoding/Trailer/Expect are removed. If the copied client request had
multiple Content-Length fields, HttpSetMimeHeader() only updates one instance,
leaving any other Content-Length headers intact and potentially reintroducing a
non-zero length/body framing contradiction. Remove all existing Content-Length
fields before setting it to 0 to ensure the request is unambiguously bodyless.
##########
plugins/authproxy/authproxy.cc:
##########
@@ -333,6 +343,13 @@ AuthWriteRangeRequest(AuthRequestContext *auth)
TSReleaseAssert(TSHttpHdrMethodSet(rq.buffer, rq.header,
TS_HTTP_METHOD_GET, -1) == TS_SUCCESS);
}
+ // The body is dropped (Content-Length: 0), so strip any request-body framing
+ // (Transfer-Encoding/Trailer/Expect) copied from the client request to keep
+ // the sub-request well-formed.
+ HttpRemoveMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_TRANSFER_ENCODING);
+ HttpRemoveMimeHeader(rq.buffer, rq.header, "Trailer");
+ HttpRemoveMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_EXPECT);
+
HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CONTENT_LENGTH, 0u);
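Review bot: "Trailer" is passed as a bare string literal in the second HttpRemoveMimeHeader() call, while the calls on either side of it use TS_MIME_FIELD_* constants, so a typo in the literal would compile and silently strip nothing. Use the matching TS_MIME_FIELD_ constant if the API provides one; otherwise define a single named constant in this file and use it at every call site.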
Review Comment:
This sub-request is being forced bodyless, but only
Transfer-Encoding/Trailer/Expect are stripped. If the client request included
multiple Content-Length headers, HttpSetMimeHeader() will only rewrite one of
them and any remaining Content-Length fields can conflict with the intended
"Content-Length: 0". Remove all existing Content-Length fields before setting
it to 0.
##########
plugins/authproxy/authproxy.cc:
##########
@@ -386,6 +403,14 @@ AuthWriteRedirectedRequest(AuthRequestContext *auth)
TSHandleMLocRelease(rq.buffer, rq.header, murl);
HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_HOST, hostbuf);
+
+ // The body is dropped (Content-Length: 0), so strip any request-body framing
+ // (Transfer-Encoding/Trailer/Expect) copied from the client request to keep
+ // the sub-request well-formed.
+ HttpRemoveMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_TRANSFER_ENCODING);
+ HttpRemoveMimeHeader(rq.buffer, rq.header, "Trailer");
+ HttpRemoveMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_EXPECT);
+
HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CONTENT_LENGTH, 0u);
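Review bot: The three HttpRemoveMimeHeader() calls and their comment here repeat the ones added to AuthWriteHeadRequest and AuthWriteRangeRequest, so the list of framing headers now has to be kept in sync in three places. Fold the strip and the HttpSetMimeHeader(rq.buffer, rq.header, TS_MIME_FIELD_CONTENT_LENGTH, 0u) call into one static helper and call it from all three writers; the fuller rationale from the HEAD path's comment can then live on that helper.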
Review Comment:
This sub-request is being normalized to bodyless, but existing
Content-Length duplicates (if present in the copied client request) are not
removed. Since HttpSetMimeHeader() only updates a single field instance, any
additional Content-Length headers can remain and conflict with the intended
"Content-Length: 0". Remove all Content-Length fields before setting the header.
--
This is an automated message from the Apache Git Service.