Open sadieleob opened 3 months ago
Gloo Edge Product: Enterprise
Gloo Edge Version: v1.16.10
Kubernetes Version: 1.27
Using extractors and appending set-cookie headers does not work in Gloo Edge.
We expect to be able to modify the set-cookie in the response headers, by adding SameSite=None for example with the following configuration:
```yaml
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: httpbin
  namespace: gloo-system
spec:
  virtualHost:
    domains:
    - iamready.servebeer.com
    routes:
    - matchers:
      - prefix: /
      options:
        stagedTransformations:
          regular:
            responseTransforms:
            - responseTransformation:
                logRequestResponseInfo: true
                transformationTemplate:
                  advancedTemplates: true
                  extractors:
                    cookies_id:
                      header: set-cookie
                      regex: ".*staging_dev_id_token.*"
                      subgroup: 1
                    cookies_access:
                      header: set-cookie
                      regex: ".*staging_dev_access_token.*"
                      subgroup: 1
                  headers:
                    set-cookie:
                      text: '{{ extraction ("cookies_id") }}; SameSite=None'
                  headersToAppend:
                  - key: set-cookie
                    value:
                      text: '{{ extraction ("cookies_access") }}; SameSite=None'
        autoHostRewrite: true
      routeAction:
        single:
          upstream:
            name: default-httpbin-8000
            namespace: gloo-system
```
We expect to see:
```
< set-cookie: staging_dev_id_token=value1; SameSite=None
< set-cookie: staging_dev_access_token=value2; SameSite=None
```
The current behavior is that headers extracted or appended in the VirtualService configuration are not actually appended to the set-cookie headers in the response, as shown below:
```
curl -v 'http://iamready.servebeer.com/response-headers?Set-Cookie=staging_dev_id_token=value1&Set-Cookie=staging_dev_access_token=value2'
* Host iamready.servebeer.com:80 was resolved.
* IPv6: (none)
* IPv4: 35.166.120.164
* Trying 35.166.120.164:80...
* Connected to iamready.servebeer.com (35.166.120.164) port 80
> GET /response-headers?Set-Cookie=staging_dev_id_token=value1&Set-Cookie=staging_dev_access_token=value2 HTTP/1.1
> Host: iamready.servebeer.com
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/1.1 200 OK
< server: envoy
< date: Tue, 18 Jun 2024 21:55:24 GMT
< content-type: application/json
< content-length: 167
< set-cookie: staging_dev_id_token=value1
< set-cookie: staging_dev_access_token=value2
< access-control-allow-origin: *
< access-control-allow-credentials: true
< x-envoy-upstream-service-time: 1
< x-ratelimit-limit: 1000
< x-ratelimit-remaining: 999
< x-ratelimit-reset: 1
<
{
  "Content-Length": "167",
  "Content-Type": "application/json",
  "Set-Cookie": [
    "staging_dev_id_token=value1",
    "staging_dev_access_token=value2"
  ]
}
```
This was tested in httpbin by querying the endpoint /response_headers.
Also tried:
```yaml
apiVersion: gateway.solo.io/v1
kind: VirtualService
metadata:
  name: httpbin
  namespace: gloo-system
spec:
  virtualHost:
    domains:
    - iamready.servebeer.com
    routes:
    - matchers:
      - prefix: /
      options:
        stagedTransformations:
          regular:
            responseTransforms:
            - responseTransformation:
                logRequestResponseInfo: true
                transformationTemplate:
                  advancedTemplates: true
                  extractors:
                    cookies_access:
                      header: set-cookie
                      regex: .*[;](.*)
                      subgroup: 1
                    cookies_id:
                      header: set-cookie
                      regex: (.*)[;].*
                      subgroup: 1
                  headers:
                    set-cookie:
                      text: '{{ extraction("cookies_id") }}; SameSite=None {{ extraction("cookies_access") }}; SameSite=None'
        autoHostRewrite: true
      routeAction:
        single:
          upstream:
            name: default-httpbin-8000
            namespace: gloo-system
```
Query:
```
curl -v 'http://<fqdn>/response-headers?Set-Cookie=staging_dev_id_token=value1&Set-Cookie=staging_dev_access_token=value2'
```
Additional Environment Detail and Additional Context: No response
Zendesk ticket #3870 has been linked to this issue.
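One way to check, from `curl -v` output, whether each `set-cookie` header actually carries the `SameSite` attribute the transformation is meant to add. This is an added example, not part of the issue or of Gloo Edge; the function names and the sample header lines are constructed for illustration. It also flags `SameSite=None` without `Secure`, which current browsers reject.

```python
import re

# Constructed sample: response header lines in `curl -v` format, using the
# cookie names from the report (values are placeholders).
SAMPLE = """\
< HTTP/1.1 200 OK
< server: envoy
< set-cookie: staging_dev_id_token=value1; SameSite=None
< set-cookie: staging_dev_access_token=value2
< set-cookie: session=abc; Path=/; Secure; SameSite=None
"""

def parse_set_cookies(curl_verbose: str) -> dict:
    """Return {cookie_name: {attr_lower: value_or_True}} for each Set-Cookie line."""
    cookies = {}
    for line in curl_verbose.splitlines():
        m = re.match(r"<\s*set-cookie:\s*(.+)$", line.strip(), re.IGNORECASE)
        if not m:
            continue
        parts = [p.strip() for p in m.group(1).split(";") if p.strip()]
        name, _, _value = parts[0].partition("=")
        attrs = {}
        for part in parts[1:]:
            key, sep, val = part.partition("=")
            # Flag-style attributes (Secure, HttpOnly) have no value.
            attrs[key.strip().lower()] = val.strip() if sep else True
        cookies[name.strip()] = attrs
    return cookies

def audit_samesite(curl_verbose: str, expected: str = "None") -> dict:
    """Map each cookie name to a list of findings; an empty list means it passed."""
    report = {}
    for name, attrs in parse_set_cookies(curl_verbose).items():
        findings = []
        samesite = attrs.get("samesite")
        if not isinstance(samesite, str):
            findings.append("SameSite missing")
        else:
            if samesite.lower() != expected.lower():
                findings.append(f"SameSite={samesite}, expected {expected}")
            # Browsers reject SameSite=None cookies that lack Secure.
            if samesite.lower() == "none" and "secure" not in attrs:
                findings.append("SameSite=None without Secure")
        report[name] = findings
    return report

if __name__ == "__main__":
    for cookie, findings in audit_samesite(SAMPLE).items():
        print(cookie, "OK" if not findings else "; ".join(findings))
```
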