3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-08 13:52:53 +02:00
Code Issues Projects Releases Packages Wiki Activity

internal/controlplane: using envoy strip host port matching (#1126)

Browse source 
* internal/controlplane: using envoy strip host port matching

With envoy 1.15.0 release, strip host port matching setting allows
incoming request with Host "example:443" will match again route with
domains match set to "example".

Not that this is not standard HTTP behavior, but it's more convenient
for users.

Fixes #959

* docs/docs: add note about enable envoy strip host port matching
This commit is contained in:
Cuong Manh Le 2020-07-22 23:51:57 +07:00 committed by GitHub
parent 504197d83b
commit 489cdd8b63
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/docs/CHANGELOG.md
View file

@ -10,6 +10,7 @@
- authenticate: allow hot reloaded admin users config @cuonglm [GH-984]
- authorize: include "kid" in JWT headers @cuonglm [GH-1046]
- config: both base64 and file reference can be used for "certificates" @dmitrif [GH-1055]
- envoy: enable strip host port matching @cuonglm [GH-1126]
### Changes

1
internal/controlplane/xds_listeners.go
View file

@ -227,6 +227,7 @@ func buildMainHTTPConnectionManagerFilter(options *config.Options, domains []str
// See https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
UseRemoteAddress: &wrappers.BoolValue{Value: true},
SkipXffAppend: false,
StripMatchingHostPort: true,
})
return &envoy_config_listener_v3.Filter{

1
internal/controlplane/xds_listeners_test.go
View file

@ -308,6 +308,7 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) {
"validateClusters": false
},
"statPrefix": "ingress",
"stripMatchingHostPort": true,
"tracing": {
"randomSampling": {
"value": 0.01