sandeepsundaram opened a new issue, #11521:
URL: https://github.com/apache/apisix/issues/11521
### Current Behavior
I have created 2 routes - one for GET and one for POST. Both have the same
URI.
I have attached the key-auth plugin to both routes and used 2 different keys
for the paths.
here are the paths:
````
{
"total": 2,
"list": [
{
"key": "/apisix/routes/anythingGET",
"modifiedIndex": 934,
"createdIndex": 918,
"value": {
"methods": [
"GET"
],
"update_time": 1724333443,
"id": "anythingGET",
"plugins": {
"key-auth": {
"query": "apikey",
"key": "my-key1",
"header": "apikey",
"hide_credentials": false
}
},
"status": 1,
"service_id": "1",
"create_time": 1724332383,
"priority": 0,
"upstream_id": "anythingGET",
"uri": "/anything/*"
}
},
{
"key": "/apisix/routes/anythingPOST",
"modifiedIndex": 938,
"createdIndex": 922,
"value": {
"methods": [
"POST"
],
"update_time": 1724333443,
"id": "anythingPOST",
"plugins": {
"key-auth": {
"query": "apikey",
"key": "my-key2",
"header": "apikey",
"hide_credentials": false
}
},
"status": 1,
"service_id": "1",
"create_time": 1724332383,
"priority": 0,
"upstream_id": "anythingPOST",
"uri": "/anything/*"
}
}
]
}
```
When I test the API for the GET call, both keys are working.
Expected result, only my-key1 should work.
```
curl --location 'http://127.0.0.1:9080/anything/1' \
--header 'apikey: my-key2'
```- WORKING (NOT expected)
```
curl --location 'http://127.0.0.1:9080/anything/1' \
--header 'apikey: my-key1'
```- WORKING (as expected)
```
curl --location 'http://127.0.0.1:9080/anything/1' \
--header 'apikey: my-key3'
```- NOT WORKING (as expected)
### Expected Behavior
Only the specific apikey should work
### Error Logs
_No response_
### Steps to Reproduce
1. create 2 routes with the same URI, but different HTTP verbs
2. add key-auth plugins to them with differnt keys for different verbs
3. test the APIs, the keys will work for both verbs
### Environment
- APISIX version (run `apisix version`): 3.9.1
- Operating system (run `uname -a`):
Linux aabdc6e863e8 6.4.16-linuxkit #1 SMP PREEMPT_DYNAMIC Thu Nov 16
10:55:59 UTC 2023 x86_64 GNU/Linux
- OpenResty / Nginx version (run `openresty -V` or `nginx -V`):
nginx version: openresty/1.25.3.1
built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
built with OpenSSL 3.2.0 23 Nov 2023
- etcd version, if relevant (run `curl
http://127.0.0.1:9090/v1/server_info`): NA
- APISIX Dashboard version, if relevant: NA
- Plugin runner version, for issues related to plugin runners: NA
- LuaRocks version, for installation issues (run `luarocks --version`): NA
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
