Supports setting the :scheme header of upstream requests based on upstream crypto
#30134
Labels
enhancement
Feature requests. Not bugs or questions.
stale
stalebot believes this issue/PR has not been touched recently
Comments
johnlanni
added
enhancement
|
I'm interested in implementing this feature if you guys think it's needed. |
|
I don't think it's needed but I think it's completely fine to add. cc @yanavlasov because it's sorta header sanitization |
|
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions. |
github-actions
bot
added
the
stale
|
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Title: Supports setting the scheme header of upstream requests based on upstream encryption
Description:
My scenario is that Envoy receives gRPCs(encrypted) requests and proxies gRPC (not encrypted) request to a .NET service. The .NET gRPC framework checks the :scheme header, if the request is not encrypted, but the :scheme is https, the request will fail.
I solved the problem by setting the HCM option scheme_header_transformation to http, but this option has a side effect of setting the XFP header to http, which makes it impossible to determine the Envoy downstream protocol through the XFP header.
As @alyssawilk commented here, we may need to extend the cluster configuration options to set the scheme based on upstream crypto instead of defaulting to XFP.
The text was updated successfully, but these errors were encountered: