added option to ignore illegal headers #973

Open
wants to merge 7 commits into
base: develop

@jyang-broad jyang-broad commented Jan 31, 2023

Ticket: https://broadworkbench.atlassian.net/browse/DDO-2622

What: Adds a new config option to sam's conf for ignoring bad header. This feature was removed in the fc-dev removal, original thread: https://broadinstitute.slack.com/archives/CADM7MZ35/p1665685716707079?thread_ts=1665522324.115159&cid=CADM7MZ35

Why: Because otherwise sam (only in BEEs, or any terra using an NGINX ingress) will continuously throw x-forwarded-host errors

How: adds a config option to ignore those warnings


PR checklist

  • I've followed the instructions if I've made any changes to the API, especially if they're breaking changes
  • I've filled out the Security Risk Assessment (requires Broad Internal network access) and attached the result to the JIRA ticket

@Ghost-in-a-Jar Ghost-in-a-Jar left a comment
Oh jeez maybe I didn't actually test this in a bee

jyang-broad commented Feb 1, 2023

Manual Testing done on configs:
nothing set: sam loads successfully, but does not suppress warnings

     value: x-forwarded-host

set: x-forwarded-host is suppressed but user-agent warnings are not

            - name: IGNORE_ILLEGAL_HEADERS.0
              value: x-forwarded-host
            - name: IGNORE_ILLEGAL_HEADERS.1
              value: user-agent

both x-forwarded-host and user-agent errors are suppressed

@@ -3,6 +3,9 @@ akka {
server {
idle-timeout = 180 s
request-timeout = 60 s
parsing {
ignore-illegal-header-for = ${?IGNORE_ILLEGAL_HEADERS}
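
Review bot: the `ignore-illegal-header-for = ${?IGNORE_ILLEGAL_HEADERS}` line under `parsing {` has no comment saying what it does or which deployments should set it. Please note above it that the value is a list of header names, and that because the substitution is optional (`${?...}`) the key stays unset when `IGNORE_ILLEGAL_HEADERS` is not defined. It is also worth stating that every header listed stops producing illegal-header warnings, so the list should stay limited to the headers the ingress is known to break (`x-forwarded-host` in the description) so that other malformed-header warnings remain visible in the logs.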
mind adding a comment explaining what this is and why it might be used?

gladly! how's that?

sonarqubecloud bot commented Feb 2, 2023

Kudos, SonarCloud Quality Gate passed!

  • Bugs: 0 (rating A)
  • Vulnerabilities: 0 (rating A)
  • Security Hotspots: 0 (rating A)
  • Code Smells: 0 (rating A)

No Coverage information
No Duplication information

@jyang-broad
jenkins retest
