zhoujiexiong commented on PR #11350: URL: https://github.com/apache/apisix/pull/11350#issuecomment-2172343593
Hi @bzp2010 , Thank you for replying. *** I also noticed the doc. you attached. It means that once we invoke ngx.req.socket(), it become ours responsibility to manage the client_body. See also: https://github.com/openresty/lua-nginx-module?tab=readme-ov-file#ngxreqinit_body Code snippet from ngx_lua/ngx_http_lua_socket_tcp.c: ```c static int ngx_http_lua_req_socket(lua_State *L) { ... /* prevent other request body reader from running */ rb = ngx_pcalloc(r->pool, sizeof(ngx_http_request_body_t)); if (rb == NULL) { return luaL_error(L, "no memory"); } rb->rest = r->headers_in.content_length_n; r->request_body = rb; ``` New empty request_body(control block) for the request but not touch the original content_length of the request. *** In my recent applicaion(using APISIX v3.9/forward_auth): 1. [POST]_client_req -> [POST]_fw_auth_svc 2. Just need Authentication HTTP header for AUTH, but client_body is forwarded also 3. Encounter the [issue](https://github.com/apache/apisix/issues/11050) My workaround: [POST]_fw_auth_svc -> [GET]_fw_auth_svc It's work fine for my scenario so far. But I believe that there are scenarios that need to forward client_body to auth_svc for some biz logic, e.g. Calc. digest from client_body and verify request signature. Envoy supports more control options for the similer feature, such as "with_request_body/max_request_bytes". See also: https://www.envoyproxy.io/docs/envoy/v1.28.0/api-v3/extensions/filters/http/ext_authz/v3/ext_authz.proto#envoy-v3-api-msg-extensions-filters-http-ext-authz-v3-extauthz So I proposed this PR. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
