[
https://issues.apache.org/jira/browse/NIFI-15784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18070673#comment-18070673
]
ASF subversion and git services commented on NIFI-15784:
--------------------------------------------------------
Commit 21b5fb4e7e7c9311f0d5eb4d0d44fa245e55a6e5 in nifi's branch
refs/heads/main from Kevin Doran
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=21b5fb4e7e7 ]
NIFI-15784 Forward request headers during upload replication (#11094)
UploadRequest replication (used for asset and NAR uploads) did not forward
inbound servlet headers to peer nodes.
Only three explicit headers (filename, content-type,
cluster-id-generation-seed) were included.
This caused ConnectorRequestContext to not have the full original request
context.
Standard cluster replication (ThreadPoolRequestReplicator) already forwards all
inbound headers via ApplicationResource.getHeaders(),
with appropriate stripping of credentials, hop-by-hop headers, and replication
protocol headers.
Upload replication now use the same approach for consistency.
- Extract shared header-preparation logic into ReplicationHeaderUtils so
credential stripping, proxied-entity injection, and replication header
sanitisation cannot drift between the two replication paths
- Add UploadRequest.forwardRequestHeaders(Map) so callers can opt in to
forwarding inbound servlet headers
- Rebuild outbound headers in StandardUploadRequestReplicator using a secure
pipeline: strip replication headers, strip hop-by-hop, apply explicit builder
headers, apply proxy/credential policy, force-set replication flags
- Wire all current upload call sites (ConnectorResource.createAsset,
ParameterContextResource asset upload, ControllerResource.uploadNar) to forward
inbound headers
- Use File.length() instead of InputStream.available() for reliable
content-length in upload replication
Signed-off-by: David Handermann <[email protected]>
> UploadRequestReplicator should copy all request request headers on replicated
> requests
> --------------------------------------------------------------------------------------
>
> Key: NIFI-15784
> URL: https://issues.apache.org/jira/browse/NIFI-15784
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework
> Reporter: Kevin Doran
> Assignee: Kevin Doran
> Priority: Major
> Time Spent: 1h
> Remaining Estimate: 0h
>
> ConnectorRequestContext is used to provide NiFi API HTTP Request contextual
> information (such as headers) to the ConnectorConfigurationProvider, if
> configured.
> When Connector Assets are uploaded, those requests use the
> StandardUploadRequestReplicator instead of the ThreadPoolRequestReplicator.
> Unlike the ThreadPoolRequestReplicator, the StandardUploadRequestReplicator
> does not copy all headers.
> There might be a good reason for this, but because
> ConnectorConfigurationProvider can manage assets referenced by the
> Connector's working configuration, the ConnectorRequestContext is incomplete
> for asset methods in ConnectorConfigurationProvider.
> This ticket is to explore and implement a solution.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
