bryancall opened a new pull request, #12879:
URL: https://github.com/apache/trafficserver/pull/12879

   ## Summary
   
   The `header_rewrite` plugin's `set-body` operator (which calls `TSHttpTxnErrorBodySet()`) previously only worked for ATS-generated responses. When the origin returned a real response, the body was streamed through the HTTP tunnel and `internal_msg_buffer` was ignored. This meant plugins could not use `set-body` to replace or sanitize origin response bodies (e.g., stripping sensitive information from error pages).
   
   This PR adds a check for `internal_msg_buffer` in the `SERVER_READ` and `TRANSFORM_READ` paths of `HttpSM::handle_api_return()`. When a plugin has set the internal message buffer, ATS now drains the origin response body (if possible for connection reuse) and uses `setup_internal_transfer()` instead of the tunnel.
   
   ## Changes
   
   - **`HttpSM::handle_api_return()`** — Check `internal_msg_buffer` in `SERVER_READ` and `TRANSFORM_READ` cases; divert to `setup_internal_transfer()` when set
   - **`HttpSM::do_drain_server_response_body()`** — New function that synchronously consumes the origin body from the buffer when fully available, enabling connection reuse. Falls back to closing the connection for chunked, unknown-length, or partially-received bodies
   - **`HttpSM::release_server_session()`** — Widen the pooling condition to allow connection reuse after successful body drain (not just 304/HEAD responses)
   - **`header_rewrite operators.cc`** — Add `TS_HTTP_READ_RESPONSE_HDR_HOOK` to `set-body`'s allowed hooks so plugins can inspect origin response headers and replace the body
   - **Documentation** — Updated `set-body` docs with origin response use case, connection reuse behavior, and example rule
   - **Autest** — New replay-based test covering origin body replacement at both `READ_RESPONSE_HDR_HOOK` and `SEND_RESPONSE_HDR_HOOK`, including 403, 200, and empty-body cases
   
   ## Example Use Case
   
   Sanitize a 403 response from an origin that leaks account information:
   
   ```
   cond %{READ_RESPONSE_HDR_HOOK} [AND]
   cond %{STATUS} =403
       set-body "Access Denied"
   ```
   
   ## Test Plan
   
   - [x] Autest: `header_rewrite_set_body_origin` covering 4 scenarios (403/200 at both hooks, empty body)
   - [x] Manual testing with `curl` against live proxy
   - [x] Verified connection reuse via debug logs after body drain
   - [x] Verified connection close for chunked/partial bodies


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
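
A simplified model of the drain-or-close decision described in the pull request above, added here as an illustration; it is not code from the PR or from ATS, and `OriginResponse`, `Outcome`, `drain_body` and `replace_origin_body` are hypothetical names. Refusing reuse when bytes remain past `Content-Length` is this model's own assumption, not something the PR states.

```cpp
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>

// Simplified model of the behaviour described in the PR; not ATS source code.
struct OriginResponse {
  std::optional<int64_t> content_length; // nullopt = length unknown
  bool chunked = false;                  // Transfer-Encoding: chunked
};

struct Outcome {
  std::string client_body; // what the client receives
  bool pool_origin;        // true: origin connection may be reused
};

// `buffered` holds the body bytes already read from the origin. The body is
// drained only when all of it is present; otherwise the connection is closed.
bool drain_body(const OriginResponse &rsp, std::string &buffered)
{
  if (rsp.chunked || !rsp.content_length || *rsp.content_length < 0) {
    return false; // chunked or unknown length
  }
  const auto len = static_cast<uint64_t>(*rsp.content_length);
  if (len > buffered.size()) {
    return false; // partially received: the rest is still on the wire
  }
  buffered.erase(0, static_cast<size_t>(len));
  // Model's own conservative choice: bytes past Content-Length would be
  // parsed as the next response on a pooled connection, so do not reuse.
  return buffered.empty();
}

// When a plugin set a replacement body, send it instead of the origin body.
Outcome replace_origin_body(const OriginResponse &rsp, std::string &buffered, const std::string &internal_msg)
{
  return Outcome{internal_msg, drain_body(rsp, buffered)};
}

int main()
{
  std::string body = "account 12345 is suspended"; // constructed sample
  OriginResponse rsp{static_cast<int64_t>(body.size()), false};
  Outcome out = replace_origin_body(rsp, body, "Access Denied");
  std::cout << out.client_body << " reuse=" << out.pool_origin << "\n";
  return 0;
}
```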
