Open mhamann opened 4 years ago
Add logic to detect when an API might be calling itself (directly or via another API) in a loop, and terminate the loop.
This can be done through injection of unique headers for every hop through the gateway.
For example:
Client request -> GW: GET /api1
GW inject header: X-ApiGw-Loop: get_api1
GW request -> GW: GET /api2
GW inject header: X-ApiGw-Loop: get_api1 get_api2
GW request -> GW: GET /api1
GW analyzes X-ApiGw-Loop and sees get_api1 is already present
GW response: 508 Loop detected (or similar)
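A sketch of the check proposed above, added here as an example and not code from the gateway project. The function names, the token normalization and the `MAX_HOPS` cap are assumptions; only the header name, the `get_api1` token style and the 508 response come from the issue. Detection depends on each backend forwarding the header on its outgoing call.

```javascript
// Added example: hypothetical helpers, not the gateway's own implementation.
const LOOP_HEADER = 'x-apigw-loop'; // Node lowercases incoming header names
const MAX_HOPS = 16; // assumption: cap the chain so the header cannot grow unbounded

// Build a hop token such as "get_api1" from the request method and path.
function hopToken(method, path) {
  const slug = path
    .split('?')[0]                  // ignore the query string
    .replace(/^\/+|\/+$/g, '')      // trim leading and trailing slashes
    .replace(/[^A-Za-z0-9]+/g, '_'); // keep the token a single header-safe word
  return `${method.toLowerCase()}_${slug || 'root'}`;
}

// Returns status 508 when this hop already appears in the chain (or the chain
// is too long); otherwise returns the headers to forward with this hop appended.
function checkLoop(method, path, headers) {
  const seen = (headers[LOOP_HEADER] || '').split(/\s+/).filter(Boolean);
  const token = hopToken(method, path);
  if (seen.includes(token) || seen.length >= MAX_HOPS) {
    return { status: 508, body: 'Loop detected', chain: seen };
  }
  const forward = { ...headers, [LOOP_HEADER]: [...seen, token].join(' ') };
  return { status: null, forward };
}

// Replays a sequence of gateway hops, carrying the forwarded headers from one
// hop to the next the way a header-propagating backend would.
function replay(hops) {
  let headers = {};
  const statuses = [];
  for (const [method, path] of hops) {
    const result = checkLoop(method, path, headers);
    statuses.push(result.status || 200);
    if (result.status) break; // loop terminated at this hop
    headers = result.forward;
  }
  return statuses;
}

// The sequence from the issue: /api1 -> /api2 -> /api1 (constructed input).
console.log(replay([['GET', '/api1'], ['GET', '/api2'], ['GET', '/api1']]));
```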