feat(proxy) add configuration options to hide server tokens and latency tokens #2259

Merged
merged 13 commits into from
Mar 31, 2017
Changes from 11 commits
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,10 @@

### Added

- :fireworks: `server_tokens` and `latency_tokens` configuration fields.
Check the [0.10 Configuration Guide](https://getkong.org/docs/0.10.x/configuration/#server_tokens)
to learn more.
[#2259](https://github.com/Mashape/kong/pull/2259)
Member

We could explain a bit more what this change is about and respect the 80 cols limit as well. Maybe:

- Ability to hide Kong-specific response headers. Two new configuration fields:
  `server_tokens` and `latency_tokens` will respectively toggle whether the `Server`
  and `X-Kong-*-Latency` headers should be sent to downstream clients.

Also in general, there is no need to point to the configuration guide for new config fields, since the guide does not elaborate more on properties than the kong.conf.default file, which already has a comment for each property.

- Plugins:
- cors: Support for configuring multiple Origin domains.
[#2203](https://github.com/Mashape/kong/pull/2203)
10 changes: 10 additions & 0 deletions kong.conf.default
Expand Up @@ -115,6 +115,16 @@
# process. When this number is exceeded, the
# least recently used connections are closed.

#server_tokens = on # Enables or disables emitting Kong version on
# error pages and in the "Server" or "Via"
# (in case the request was proxied) response
# header field.

#latency_tokens = on # Enables or disables emitting Kong latency
# information in the "X-Kong-Proxy-Latency"
# and "X-Kong-Upstream-Latency" response
# header fields.

#------------------------------------------------------------------------------
# DATASTORE
#------------------------------------------------------------------------------
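
Review bot: The `server_tokens` comment says it toggles "emitting Kong version", which reads like nginx's directive of the same name, but the handler changes in this PR drop or clear the whole `Server`/`Via` header rather than only the version string. Suggest wording it as enabling or disabling the headers themselves, and keeping "on error pages" only if the error page body is also affected, since the `error_handlers.lua` change shown here gates just the `Server` header.
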
4 changes: 3 additions & 1 deletion kong/conf_loader.lua
Expand Up @@ -61,6 +61,8 @@ local CONF_INFERENCES = {
cluster_advertise = {typ = "string"},
nginx_worker_processes = {typ = "string"},
upstream_keepalive = {typ = "number"},
server_tokens = {typ = "boolean"},
latency_tokens = {typ = "boolean"},

Member

Shouldn't those be called 'headers' instead of 'tokens'?

Member Author

@bungle bungle Mar 27, 2017

Member

same here...

Member Author

What's the conclusion, server_tokens vs. server_headers? Or something different?

Member Author

@bungle bungle Mar 27, 2017

server_header is kinda bad as it says "no headers at all", when off. Something like kong_version_headers and kong_latency_headers could be better.

Member

just leave it at tokens.

database = {enum = {"postgres", "cassandra"}},
pg_port = {typ = "number"},
Expand Down Expand Up @@ -424,7 +426,7 @@ local function load(path, custom_conf)
-- initialize the dns client, so the globally patched tcp.connect method
-- will work from here onwards.
assert(require("kong.tools.dns")(conf))

return setmetatable(conf, nil) -- remove Map mt
end

9 changes: 7 additions & 2 deletions kong/core/error_handlers.lua
@@ -1,3 +1,5 @@
local singletons = require "kong.singletons"

local find = string.find
local format = string.format

Expand Down Expand Up @@ -52,7 +54,10 @@ return function(ngx)
local status = ngx.status
message = BODIES["s"..status] and BODIES["s"..status] or format(BODIES.default, status)

ngx.header["Server"] = SERVER_HEADER
if singletons.configuration.server_tokens then
ngx.header["Server"] = SERVER_HEADER
end

ngx.header["Content-Type"] = content_type
ngx.say(format(template, message))
end
end
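
Review bot: With `server_tokens` off, the new `if` only skips the assignment, whereas the non-proxied branch in `kong/core/handler.lua` explicitly sets `header["Server"] = nil`. The two paths should treat the header the same way; if a `Server` value can already be present, or be added by nginx when none is set, error responses would still carry one. Suggest clearing it in an `else` here as well and checking an error response with the option off.
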
33 changes: 24 additions & 9 deletions kong/core/handler.lua
Expand Up @@ -119,7 +119,7 @@ return {
end

-- if set `host_header` is the original header to be preserved
var.upstream_host = host_header or
var.upstream_host = host_header or
balancer_address.hostname..":"..balancer_address.port

end,
Expand All @@ -137,19 +137,34 @@ return {
},
header_filter = {
before = function()
if ngx.ctx.KONG_PROXIED then
local ctx = ngx.ctx

if ctx.KONG_PROXIED then
local now = get_now()
ngx.ctx.KONG_WAITING_TIME = now - ngx.ctx.KONG_ACCESS_ENDED_AT -- time spent waiting for a response from upstream
ngx.ctx.KONG_HEADER_FILTER_STARTED_AT = now
ctx.KONG_WAITING_TIME = now - ctx.KONG_ACCESS_ENDED_AT -- time spent waiting for a response from upstream
ctx.KONG_HEADER_FILTER_STARTED_AT = now
end
end,
after = function()
if ngx.ctx.KONG_PROXIED then
ngx.header[constants.HEADERS.UPSTREAM_LATENCY] = ngx.ctx.KONG_WAITING_TIME
ngx.header[constants.HEADERS.PROXY_LATENCY] = ngx.ctx.KONG_PROXY_LATENCY
ngx.header["Via"] = server_header
local ctx, header = ngx.ctx, ngx.header

if ctx.KONG_PROXIED then
if singletons.configuration.latency_tokens then
header[constants.HEADERS.UPSTREAM_LATENCY] = ctx.KONG_WAITING_TIME
header[constants.HEADERS.PROXY_LATENCY] = ctx.KONG_PROXY_LATENCY
end

if singletons.configuration.server_tokens then
header["Via"] = server_header
end

else
ngx.header["Server"] = server_header
if singletons.configuration.server_tokens then
header["Server"] = server_header

else
header["Server"] = nil
end
end
end
},
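
Review bot: No spec in the visible diff covers the off state, and the `else` branch of `after` depends on `header["Server"] = nil` actually removing the header. Suggest integration tests asserting that `Server`, `Via`, `X-Kong-Proxy-Latency` and `X-Kong-Upstream-Latency` are absent with the toggles off, for both proxied and non-proxied responses. `singletons.configuration` is also looked up up to twice per response in this function; reading it once into a local next to `ctx, header` would keep the hot path tidy.
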
2 changes: 2 additions & 0 deletions kong/templates/kong_defaults.lua
Expand Up @@ -19,6 +19,8 @@ admin_ssl = on
admin_ssl_cert = NONE
admin_ssl_cert_key = NONE
upstream_keepalive = 60
server_tokens = on
latency_tokens = on

Member

those also need to be added to the kong/kong.conf.default file including a description.

Member Author

Added.

database = postgres
pg_host = 127.0.0.1
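
Review bot: Both fields default to `on`, so an upgrade keeps sending the version and latency headers unless operators opt out. That preserves existing behaviour, but the CHANGELOG entry should state the default so anyone who wants the headers hidden knows they must set `server_tokens = off` and `latency_tokens = off` explicitly.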