shreemaan-abhishek opened a new pull request, #13642:
URL: https://github.com/apache/apisix/pull/13642

   ### Description
   
   When `forward-auth` is configured with `request_method: POST`, the plugin 
buffers the client request body and re-sends it as a whole to the auth service. 
However it also copied the client's `Transfer-Encoding`, `Content-Length` and 
`Expect` headers verbatim into the auth request.
   
   Once the body has been read it is de-chunked and buffered, so those framing 
headers no longer describe the bytes actually sent. In particular, a client 
using `Transfer-Encoding: chunked` caused the auth service to receive a 
`Transfer-Encoding: chunked` request whose body was not chunk-framed, leaving 
the auth request internally inconsistent.
   
   These framing headers were originally added when the body was streamed to 
the auth service via a body reader (#10589). That streaming path was later 
reverted to a buffered body (#12404), but the header copy was left behind and 
no longer matches the buffered send.
   
   This change keeps only `Content-Encoding` (which still applies to the 
buffered bytes, since nginx does not decode request content-encoding) and lets 
the HTTP client set a fresh, correct `Content-Length` for the buffered body. 
`Transfer-Encoding`, `Content-Length` and `Expect` are no longer forwarded from 
the client on the POST path.
   
   #### Which issue(s) this PR fixes:
   Fixes #
   
   ### Checklist
   
   - [x] I have explained the need for this PR and the problem it solves
   - [x] I have explained the changes or the new features added to this PR
   - [x] I have added tests corresponding to this change
   - [ ] I have updated the documentation to reflect this change
   - [x] I have verified that this change is backward compatible (If not, 
please discuss on the [APISIX mailing 
list](https://github.com/apache/apisix/tree/master#community) first)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to