[ https://issues.apache.org/jira/browse/SOLR-14898?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris M. Hostetter updated SOLR-14898:
--------------------------------------
    Attachment: SOLR-14898.patch
        Status: Open  (was: Open)

writing a junit test proved (virtually) impossible due to SOLR-14903.

Attached patch includes manually verified fix, as well as the starting point of my test currently marked AwaitsFix waiting on SOLR-14903 (which is a big enough ball of wax i don't think this issue should be held up waiting for it).

I'm still running full checks/tests to make sure this doesn't break anything in some weird way ... Would appreciate review/eyeballs before committing & backporting in the meantime.

> Proxied/Forwarded requests to other nodes wind up getting duplicate response headers
> ------------------------------------------------------------------------------------
>
>                 Key: SOLR-14898
>                 URL: https://issues.apache.org/jira/browse/SOLR-14898
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public)
>   Affects Versions: 8.6.3
>            Reporter: Chris M. Hostetter
>            Assignee: Chris M. Hostetter
>            Priority: Blocker
>         Attachments: SOLR-14898.patch
>
>
> When Solr receives a request for a collection not hosted on the current node, HttpSolrCall forwards/proxies that request - but the final response for the client can include duplicate response headers - one header from the remote node that ultimately handled the request, and a second copy of the header added by the current node...
> {noformat}
> # create a simple 2 node cluster...
> $ ./bin/solr -e cloud -noprompt
> # ...
> $ curl 'http://localhost:8983/solr/admin/collections?action=CREATE&name=solo&numShards=1&nrtReplicas=1'
> # ...
> # node 8983 is the node currently hosting the only replica of the 'solo' collection, and responds to requests directly...
> #
> $ curl -S -s -D - -o /dev/null http://localhost:8983/solr/solo/select
> HTTP/1.1 200 OK
> Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';
> X-Content-Type-Options: nosniff
> X-Frame-Options: SAMEORIGIN
> X-XSS-Protection: 1; mode=block
> Content-Type: application/json;charset=utf-8
> Content-Length: 169
> # node 7574 does not host a replica, and forwards requests for it to 8983
> # the response the client gets from 7574 has several security related headers duplicated...
> #
> $ curl -S -s -D - -o /dev/null http://localhost:7574/solr/solo/select
> HTTP/1.1 200 OK
> Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';
> X-Content-Type-Options: nosniff
> X-Frame-Options: SAMEORIGIN
> X-XSS-Protection: 1; mode=block
> Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';
> X-Content-Type-Options: nosniff
> X-Frame-Options: SAMEORIGIN
> X-XSS-Protection: 1; mode=block
> Content-Type: application/json;charset=utf-8
> Content-Length: 197
> {noformat}
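
A regression check for the behaviour reported above, as an added example that is not part of the original message or of the Solr code base: it parses a header dump such as `curl -D -` prints and reports every header name that occurs more than once, noting whether the copies agree. The sample dumps are constructed from the output quoted in the report, with the Content-Security-Policy value shortened; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed samples modelled on the curl output in the report (CSP shortened).
_SEC = ("Content-Security-Policy: default-src 'none'; base-uri 'none';\n"
        "X-Content-Type-Options: nosniff\n"
        "X-Frame-Options: SAMEORIGIN\n"
        "X-XSS-Protection: 1; mode=block\n")
_BODY = "Content-Type: application/json;charset=utf-8\nContent-Length: {}\n\n"
DIRECT = "HTTP/1.1 200 OK\n" + _SEC + _BODY.format(169)
PROXIED = "HTTP/1.1 200 OK\n" + _SEC + _SEC + _BODY.format(197)


def parse_headers(raw):
    """Return [(lower-cased name, value), ...] from a raw response header dump."""
    lines = raw.replace("\r\n", "\n").split("\n")
    fields = []
    for line in lines[1:]:                      # lines[0] is the status line
        if not line.strip():
            break                               # blank line ends the header block
        if line[0] in " \t" and fields:         # folded continuation of previous field
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:                                 # skip anything that is not "name: value"
            fields.append((name.strip().lower(), value.strip()))
    return fields


def duplicate_headers(raw):
    """Map header name -> list of values for every name that occurs more than once."""
    seen = defaultdict(list)
    for name, value in parse_headers(raw):
        seen[name].append(value)
    return {n: v for n, v in seen.items() if len(v) > 1}


def report(raw):
    """Label each duplicated header 'identical' or 'conflicting' by its values."""
    return {n: "identical" if len(set(v)) == 1 else "conflicting"
            for n, v in duplicate_headers(raw).items()}


if __name__ == "__main__":
    for label, dump in (("direct (8983)", DIRECT), ("proxied (7574)", PROXIED)):
        print(label, report(dump) or "no duplicate headers")
```

Header names are compared case-insensitively, so a copy added by the forwarding node is caught even if its capitalisation differs from the remote node's.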