Envoy doesn't add headers in case of Gateway Timeout #4317
Comments
lizan
added
the
question
|
When upstream timeout, the response should be returned by envoy, and response_headers_to_add should be understood to refer to the addition of header to the content returned by upstream. |
|
Thank you, @zyfjeff. That indeed makes sense. But is there a way to set header regardless of upstream success/failure? |
|
@pugachAG I looked at the code, the current implementation will only add the header when the upstream response is waited. @lizan Do you think this issue can be used as an enhancement? If you can, I might take the time to implement it. https://github.com/envoyproxy/envoy/blob/master/source/common/router/router.cc#L638 |
|
Yeah it could be an enhancement, note filters before router could respond to the request too, so the change might be wide. @zuercher (per TODO in the code above) thoughts? |
|
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions. |
stale
bot
added
the
stale
|
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions. |
|
I think the same happens for 503 errors. |
|
Has there been any movement on this? I'm also experiencing the timeout issue being masked by CORs errors in the browser because of this and it would be great if there was some workaround for fixing! |
stale
bot
removed
the
stale
mattklein123
added
area/http
help wanted
|
cc @alyssawilk this might be a good one to look at as you continue your quest to unify a bunch of handling around local replies. |
|
I suspect it's easy enough to move the code around and apply to the new (unified) local response path. Do you think response headers to add should be added unilaterally (runtime guarded) even on local responses, or configured for [only when proxied | all local responses]? The other complication I can think of would be caching, making sure we have the right APIs for if headers should be added before insert or applied to cache hits as headers are sent upstream if there's no one correct answer to what users want there. cc @toddmgreer for thoughts on that. |
|
Alternately we could just expect folks dup their headers into the local reply content modification. if so maybe a FAQ for that? |
My thinking was that we could have common code that both the local reply path and router call to add the response headers, based on the currently snapped/cached route. Agreed this should be runtime guarded, but IMO we could do it unilaterally. Variants of this bug have been opened a ton of times and I think it's the behavior people expect.
Yeah I agree this is complicated. My thinking here though is since the cache filter is not a local reply, it would be acting as the router for cached responses, and could do what it wants in terms of adding headers before or after caching? |
|
So the plan would be doing route-based local header modifications and local reply mapper modifications on local responses? I'm fine with default on with a runtime guard given if folks complain we can always make it configurable after the fact - better than starting with complexity if you don't think it's needed. |
Yeah. Basically just take the code that the router already uses, and move it somewhere common.
+1 |
If "local reply" means "reply generated by sendLocalReply", then CacheFilter doesn't send local replies. If it just means a reply based on in-process (at the time) state, then CacheFilter will often send local replies. I don't think CacheFilter should decide whether to add custom headers before or after caching--what would it base the decision on? If you want to add a response header that will be the same for future responses from cache, add it before/upstream of CacheFilter. If the response gets cached, the added headers will be present in all responses (possibly from multiple Envoys) based on that cache entry. If you want to add a response header that may be different in every response, add it after/downstream of CacheFilter. Perhaps it should be a HeaderInjectionFilter, and the config can say where it goes? |
The latter, like the router filter.
This is more complicated than I would like, given that we have had this functionality for a long time in the router filter and are trying to make it consistent for local replies. IMO it would be simpler to just say that the cache filter acts like the router and just adds the headers post-caching and pre-response. |
|
It may be a bit more complicated than that, as I think (may be misremembering) when doing cache validation the filter sends the upstream headers, then the cached body. If that's true we should just be careful there's no path where we apply them twice. |
Good point. Perhaps there is nothing to do if we assume that the router will add the headers and they get cached? |
Exactly. |
In successful cache validation, the upstream will respond with a 304, the router filter will add custom headers, and the new custom headers will replace the previously cached ones. |
|
Perfect, sounds like a plan. :) |
Commit Message: http: applying route header rules on local replies. Risk Level: Medium (L7 change) Testing: updated integration tests Docs Changes: n/a Release Notes: inline Fixes #4317 Runtime Guard: envoy.reloadable_features.always_apply_route_header_rules Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Description:
Envoy doesn't add headers specified in the route configuration in case of upstream timeout.
Repro steps:
Send request to upstream which doesn't respond within specified route timeout.
Expected: envoy adds headers specified under
response_headers_to_addActual: envoy doesn't add any headers:
route config:
The text was updated successfully, but these errors were encountered: