You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/12/06 09:24:13 UTC

[GitHub] [apisix] rampagecong opened a new issue, #8463: bug: The BUG that was created when the response header was modified using the plugin

rampagecong opened a new issue, #8463:
URL: https://github.com/apache/apisix/issues/8463

   ### Current Behavior
   
   I mentioned two PR in the first half of the year about customizing and modifying the response header in apisix-go-plugin-runner, but recently I found some problems.
   
   I called 'r.R.header ().Add("Set-Cookie", v)' in a browser with a runner,
   
   But the same key in the corresponding Set-Cookie was found in another traceless browser with the same value.
   
   My idea is that the 'core.response.set_header' in ext-plugin/init.lua in apisix will modify the 'Set-Cookie 'of the entire apisix response header.
   
   The effect I want is to modify the response header only in the current browser, and not in any other browser.
   
    Code View:
   https://github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/plugins/ext-plugin/init.lua#L658-L673
   
   ### Expected Behavior
   
   The response header was modified in runner to only apply to the current browser, rather than all browsers being executed.
   
   ### Error Logs
   
   runner and apisix execute normally, with no error log and only a problem with the expected effect.
   
   ### Steps to Reproduce
   
   1.Making the runner plugin.
   2.Configure routes and plugins on the dashboard.
   3.Invoke the configured route in the browser
   4.Open two unrelated browsers, one browser accesses the configured route, and the Set-Cookie is modified. Refresh another browser Set-Cookie has been changed to the same value.
   
   ### Environment
   
   - APISIX version (run `apisix version`):3.0.0
   - Operating system (run `uname -a`):Linux rampagecongtest 3.10.0-957.21.3.el7.x86_64 #1 SMP Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`):nginx version: openresty/1.21.4.1
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`):3.15
   - APISIX Dashboard version, if relevant:2.13.0
   - Plugin runner version, for issues related to plugin runners:apisix-go-plugin-runner
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1345829888

   > I think it's the same if you use it this way.
   
   
   Then I think this has nothing to do with ext-plugin, but with the scope of influence caused by setting cookies in APISIX.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] rampagecong commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by "rampagecong (via GitHub)" <gi...@apache.org>.

rampagecong commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1408160241

   @spacewander Please have a look at the above problems, can you provide a solution?
   
   https://github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/core/response.lua#L100-L132


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] rampagecong commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by GitBox <gi...@apache.org>.

rampagecong commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1343784524

   > > [github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/plugins/ext-plugin/init.lua#L658-L673](https://github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/plugins/ext-plugin/init.lua#L658-L673)
   > > This is the code that I brought up PR to modify the response header.
   > 
   > Have you tried `Set-Cookie", name ... "=" ... val ... COOKIE_PARAMS` also cause the phenomenon you describe?
   For example:
   	pluginCookie := &http.Cookie{
   		Name:     "test-cookie",
   		Value:    "abcdefg",
   		MaxAge:   0,
   		Path:     "/",
   		Domain:   "",
   		SameSite: 1,
   		Secure:   false,
   		HttpOnly: false,
   	}
   	pluginCookie.String()  //test-cookie=abcdefg; Path=/
   
   `core.response.add_header("Set-Cookie", "test-cookie=abcdefg; Path=/")`
   
   I think it's the same if you use it this way.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1340930704

   > [github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/plugins/ext-plugin/init.lua#L658-L673](https://github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/plugins/ext-plugin/init.lua#L658-L673)
   > 
   > This is the code that I brought up PR to modify the response header.
   
   Have you tried `Set-Cookie", name ... "=" ... val ... COOKIE_PARAMS` also cause the phenomenon you describe?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] rampagecong commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by GitBox <gi...@apache.org>.

rampagecong commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1340550705

   > > I called 'r.R.header ().Add("Set-Cookie", v)' in a browser with a runner,
   > 
   > I think you should be careful with `("Set-Cookie", v)`, here is how to modify the response cookie in APISIX:
   > 
   > https://github.com/apache/apisix/blob/1da09bf4442e2a2cafd309ecd6297551342a4cb8/apisix/plugins/cas-auth.lua#L64-L66
   > 
   > As you can see, only the cookie with a specific name will be modified here.
   
   I see.
   
   https://github.dev/apache/apisix/blob/edb8edfd42943c1e112b259f1c1c29bd41136512/apisix/plugins/ext-plugin/init.lua#L658-L673
   
   This is the code that I brought up PR to modify the response header.
   
   The use of set-cookie in core.response.add_header will affect both the current browser and the cookie in the browser accessing the route. I think it should not be so. Should be a cookie that only affects the currently accessed browser.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] rampagecong commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by "rampagecong (via GitHub)" <gi...@apache.org>.

rampagecong commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1409625885

   I found the problem.There was a BUG in the PR I submitted earlier for 'apisix-go-plugin-runner'.
   https://github.dev/apache/apisix-go-plugin-runner/blob/ccd171d45d59ec252e200672145d483f1661abf1/internal/http/request.go#L192-L205
   **r.respHdr = nil**
   Looks like someone already found it.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1340339354

   > I called 'r.R.header ().Add("Set-Cookie", v)' in a browser with a runner,
   
   I think you should be careful with `("Set-Cookie", v)`, here is how to modify the response cookie in APISIX: https://github.com/apache/apisix/blob/master/apisix/plugins/cas-auth.lua#L64-L66
   
   As you can see, only the cookie with a specific name will be modified here.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] rampagecong closed issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by "rampagecong (via GitHub)" <gi...@apache.org>.

rampagecong closed issue #8463: bug: The BUG that was created when the response header was modified using the plugin
URL: https://github.com/apache/apisix/issues/8463


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] rampagecong commented on issue #8463: bug: The BUG that was created when the response header was modified using the plugin

Posted by GitBox <gi...@apache.org>.

rampagecong commented on issue #8463:
URL: https://github.com/apache/apisix/issues/8463#issuecomment-1346122613

   > > I think it's the same if you use it this way.
   > 
   > Then I think this has nothing to do with ext-plugin, but with the scope of influence caused by setting cookies in APISIX.
   
   Yeah, that's why I brought it up. See if the developers can come up with better suggestions.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org