edevosc2c
commented
6 months ago ping @pmauduit @groldan
Closed edevosc2c closed 6 months ago
edevosc2c
commented
6 months ago ping @pmauduit @groldan
pmauduit
commented
6 months ago I did try to change the default behavior using options like spring.cloud.gateway.x-forwarded.host.enabled
Relying on the doc from the 3.1.7 version of spring-cloud-gateway - https://docs.spring.io/spring-cloud-gateway/docs/3.1.7/reference/html/#xforwarded-headers-filter - it looks like if you want to disable x-forwarded-host header mangling, you should use spring.cloud.gateway.x-forwarded.host-enabled instead.
edevosc2c
commented
6 months ago For the Host header issue, I found this "filter" that can be applied to a single route: https://docs.spring.io/spring-cloud-gateway/docs/3.1.7/reference/html/#the-preservehostheader-gatewayfilter-factory
@groldan @pmauduit any idea on how to have this filter applied to all the routes so globally?
Issue explanation
geOrchestra gateway is overriding the host header to the final application. Also, it is sending twice the host in the X-Forwarded-Host header.
When the gateway is put behind a reverse proxy called traefik I'm getting these headers:
I should be getting the original host
mel.integration.XXXXwhen navigating on https://mel.integration.XXXX/get.Here is an example of correct headers I should be getting, these headers are when the service is not proxied through the gateway:
Consequences of this bug
x-forwarded-hostis invalid according to RFC 1034/1035, it should only contain one host: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host The result of this issue is that some application doesn't work properly because they expect only one host in the header.hostheader, the application may redirect the user to the incorrect URL. Sometimes this happens with datahub container.Solution
The gateway should only act like a "dumb" HTTP proxy, it shouldn't try to modify the original headers sent by the reverse proxy.
I did try to change the default behavior using options like
spring.cloud.gateway.x-forwarded.host.enabledbut that didn't change anything: https://cloud.spring.io/spring-cloud-gateway/2.1.x/multi/multi__httpheadersfilters.html#_xforwarded_headers_filterMaybe there exist a specific parameter for that?