Page MenuHomePhorge

Fix stripping headers from proxy requests to other cluster nodes
Needs ReviewPublic

Authored by aklapper on Jul 25 2024, 13:31.

Details

Reviewers
avivey
Group Reviewers
O1: Blessed Committers
Summary

Cannot unset offset 'Authorization'|'Host' on array<int<0, max>, array{string, mixed}>.

Thus do not mix up the parent array's $key with the $key of the child array inside the parent array's $value, basically.

Compare similar code at the bottom of https://we.phorge.it/source/phorge/browse/master/src/aphront/response/AphrontHTTPProxyResponse.php doing it right.

Test Plan

Run static code analysis; read the code.

Diff Detail

Repository
rP Phorge
Branch
aphrontProxyReqCluster
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 1546
Build 1546: arc lint + arc unit

Event Timeline

avivey subscribed.

BTW - is something normalizing the header casing?

This revision is now accepted and ready to land.Aug 3 2024, 06:07

BTW - is something normalizing the header casing?

Good point... Not that I know, so let's also normalize the header casing to be on the safe side

I did some digging:

First - we do normalize the headers a bit before, when we extract them from $_SERVER.

Second - $headers isn't key-value array, it's a list of pairs (because headers may be repeated). $header_key should probably be $header_index to better convey this.

And third, we only ever get get headers in the form of X-Hgargs-* in $headers. We do this filtering in line 915, so the two headers we special-case here won't ever happen.

So if I'm reading this correctly, the right thing to do here is:

  1. Delete this loop
  2. (bonus): Delete the $seen array, and always assume true for the if in line 928.
src/aphront/AphrontRequest.php
907

This here normalizes them!

Do what avivey analyzed (thanks!) and wrote in D25743#20738

Everything you wrote makes sense now, just took me a while to understand the code.

aklapper marked an inline comment as done.

@avivey: Would you like to give this another review, once you find some spare time? TIA!