Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Host header transform with invalid value results in duplicate host headers #40151

Open
samsp-msft opened this issue Jul 30, 2020 · 5 comments
Open

Host header transform with invalid value results in duplicate host headers #40151

samsp-msft opened this issue Jul 30, 2020 · 5 comments
Labels
area-System.Net.Http bug
Milestone
Future

Comments

@samsp-msft
Copy link
Member

Bug found by customer with Yarp. See dotnet/yarp#334 for full thread.

Bug Description

When using route transforms, if the RequestHeader is set to Host and the set option is set to an invalid value, such as baz,bar, the resulting request forwarded to the backend can have multiple Host headers. However, if a valid value is specified, the behavior is correct (i.e. only one Host header is forwarded, with the value specified in the transform).

Reproducing

Create a config file with a transform specifying an invalid value for the Host header. My transform looks like:

"Transforms": [
  {
    "RequestHeader": "Host",
    "Set": "site,baz"
  },
]

The forwarded request will look like:

image
@ghost
Copy link

ghost commented Jul 30, 2020

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

@Dotnet-GitSync-Bot Dotnet-GitSync-Bot added the untriaged New issue has not been triaged by the area owner label Jul 30, 2020
@wfurt
Copy link
Member

wfurt commented Jul 30, 2020

This may be related to #35126. I think this may not show up in enumeration and then YARP adds them even if the (invalid) header already exist.

@scalablecory
Copy link
Contributor

We think this may be fixed by non-validated enumeration. This should be a pretty rare bug, though, so moving to Future seems reasonable -- @samsp-msft can you comment on how important this is for YARP, and we can move into 5.0 if needed.

@scalablecory scalablecory added this to the Future milestone Aug 6, 2020
@scalablecory scalablecory removed the untriaged New issue has not been triaged by the area owner label Aug 6, 2020
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Due to lack of recent activity, this issue has been marked as a candidate for backlog cleanup. It will be closed if no further activity occurs within 14 more days. Any new comment (by anyone, not necessarily the author) will undo this process.

This process is part of our issue cleanup automation.

@dotnet-policy-service dotnet-policy-service bot added backlog-cleanup-candidate An inactive issue that has been marked for automated closure. no-recent-activity labels Feb 5, 2025
@MihaZupan
Copy link
Member

The issue still exists since we check for the Host existing with validation.

runtime/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnection.cs

Line 347 in c9af66c

if (!request.HasHeaders || request.Headers.Host is null)

runtime/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/Http2Connection.cs

Line 1500 in c9af66c

if (request.HasHeaders && request.Headers.Host is string host)

runtime/src/libraries/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/Http3RequestStream.cs

Line 634 in c9af66c

if (request.HasHeaders && request.Headers.Host is string host)

@MihaZupan MihaZupan added bug and removed no-recent-activity backlog-cleanup-candidate An inactive issue that has been marked for automated closure. labels Feb 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.Net.Http bug
Projects
None yet
Milestone
Future
Development

No branches or pull requests
5 participants
@scalablecory @wfurt @MihaZupan @Dotnet-GitSync-Bot @samsp-msft