envoyproxy/envoy

use correct :scheme header in async_client requests

Open

#38,608 opened on Feb 28, 2025

View on GitHub
 (1 comment) (0 reactions) (0 assignees)C++ (5,373 forks)batch import
area/httpbughelp wanted

Repository metrics

Stars
 (27,997 stars)
PR merge metrics
 (Avg merge 8d) (378 merged PRs in 30d)

Description

Title: use correct :scheme header in async_client requests

Description: This is a follow up of PR #37978

There I discovered, that requests of the jwks_fetcher did not set the proper :scheme pseudo header, according to the configured URI (it was always 'http' even the transport was 'https'). This lead to problems if http/2 was higher is being used with some servers. For the jwks_fetcher this was fixed in #37978.

But this is a general issue with other 'envoy originating' requests. For example the token endpoint requests of the oauth2 filter will will have the same problem.

In the PR I extended the Http::Utility::prepareHeaders() function to also generate the :scheme header according to the given URI (if the optional include_scheme flag is set).

So to find and fix other affected areas one could search the code for usages of the prepareHeaders() function and consider if this is an affected request and set the include_scheme flag.

Since I will not be able to do it myself in the foreseeable future I open this Issue so maybe some else might do it or at least there is an issue to track this.

Regards

Contributor guide