Open mhamann opened 4 years ago
Add logic to detect when an API might be calling itself (directly or via another API) in a loop, and terminate the loop.
This can be done through injection of unique headers for every hop through the gateway.
For example:
Client request -> GW: GET /api1 GW inject header: X-ApiGw-Loop: get_api1 GW request -> GW: GET /api2 GW inject header: X-ApiGw-Loop: get_api1 get_api2 GW request -> GW: GET /api1 GW analyzes X-ApiGw-Loop and sees get_api1 is already present GW response: 508 Loop detected (or similar)
GET /api1
X-ApiGw-Loop: get_api1
GET /api2
X-ApiGw-Loop: get_api1 get_api2
X-ApiGw-Loop
get_api1
508 Loop detected
Add logic to detect when an API might be calling itself (directly or via another API) in a loop, and terminate the loop.
This can be done through injection of unique headers for every hop through the gateway.
For example:
Client request -> GW:
GET /api1GW inject header:X-ApiGw-Loop: get_api1GW request -> GW:GET /api2GW inject header:X-ApiGw-Loop: get_api1 get_api2GW request -> GW:GET /api1GW analyzesX-ApiGw-Loopand seesget_api1is already present GW response:508 Loop detected(or similar)