Add sanitization of decorator-operation header (#1909)

Signed-off-by: Gary Brown <gary@brownuk.com>
envoyproxy · Oct 20, 2017 · 6db53cf · 6db53cf
1 parent 368638f
commit 6db53cf
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/docs/configuration/http_conn_man/header_sanitizing.rst b/docs/configuration/http_conn_man/header_sanitizing.rst
@@ -12,6 +12,7 @@ depends on the :ref:`use_remote_address <config_http_conn_man_use_remote_address
 
 Envoy will potentially sanitize the following headers:
 
+* :ref:`x-envoy-decorator-operation <config_http_filters_router_x-envoy-decorator-operation>`
 * :ref:`x-envoy-downstream-service-cluster
   <config_http_conn_man_headers_downstream-service-cluster>`
 * :ref:`x-envoy-downstream-service-node <config_http_conn_man_headers_downstream-service-node>`

diff --git a/source/common/http/conn_manager_utility.cc b/source/common/http/conn_manager_utility.cc
@@ -68,6 +68,7 @@ void ConnectionManagerUtility::mutateRequestHeaders(
         Headers::get().EnvoyInternalRequestValues.True);
   } else {
     if (edge_request) {
+      request_headers.removeEnvoyDecoratorOperation();
       request_headers.removeEnvoyDownstreamServiceCluster();
       request_headers.removeEnvoyDownstreamServiceNode();
     }

diff --git a/test/common/http/conn_manager_utility_test.cc b/test/common/http/conn_manager_utility_test.cc
@@ -313,7 +313,8 @@ TEST_F(ConnectionManagerUtilityTest, ExternalAddressExternalRequestUseRemote) {
 
   route_config_.internal_only_headers_.push_back(LowerCaseString("custom_header"));
 
-  TestHeaderMapImpl headers{{"x-envoy-downstream-service-cluster", "foo"},
+  TestHeaderMapImpl headers{{"x-envoy-decorator-operation", "foo"},
+                            {"x-envoy-downstream-service-cluster", "foo"},
                             {"x-envoy-retry-on", "foo"},
                             {"x-envoy-retry-grpc-on", "foo"},
                             {"x-envoy-max-retries", "foo"},
@@ -326,6 +327,7 @@ TEST_F(ConnectionManagerUtilityTest, ExternalAddressExternalRequestUseRemote) {
                                                  route_config_, random_, runtime_, local_info_);
   EXPECT_EQ("50.0.0.1", headers.get_("x-envoy-external-address"));
   EXPECT_FALSE(headers.has("x-envoy-internal"));
+  EXPECT_FALSE(headers.has("x-envoy-decorator-operation"));
   EXPECT_FALSE(headers.has("x-envoy-downstream-service-cluster"));
   EXPECT_FALSE(headers.has("x-envoy-retry-on"));
   EXPECT_FALSE(headers.has("x-envoy-retry-grpc-on"));