feat(config) change Kong headers configuration

Instead of introducing a config option for each and every header or set of headers, an array of these values can be now specified using the `headers` config option. Only headers or tokens specified in the headers will be set by Kong when applicable. The goal here is to move towards a simpler and easier to understand configuration, similar to 1b9976f (#3147).
Kong · Mar 20, 2018 · 2d5437a · 2d5437a
1 parent 7285ff9
commit 2d5437a
Show file tree

Hide file tree

Showing 8 changed files with 272 additions and 30 deletions.
diff --git a/kong.conf.default b/kong.conf.default
@@ -190,15 +190,27 @@
                                  # process. When this number is exceeded, the
                                  # least recently used connections are closed.
 
-#server_tokens = on              # Enables or disables emitting Kong version on
-                                 # error pages and in the "Server" or "Via"
-                                 # (in case the request was proxied) response
-                                 # header field.
-
-#latency_tokens = on             # Enables or disables emitting Kong latency
-                                 # information in the "X-Kong-Proxy-Latency"
-                                 # and "X-Kong-Upstream-Latency" response
-                                 # header fields.
+#headers = server_tokens, latency_tokens
+                                 # Specify Kong specific headers that should
+                                 # be sent with proxy requests.
+                                 # Only headers or tokens specified here will
+                                 # be set by Kong when applicable.
+                                 # Acceptable values are:
+                                 # server_tokens: add 'Via' and 'Server' headers
+                                 # latency_tokens: add 'X-Kong-Proxy-Latency'
+                                 # and 'X-Kong-Upstream-Latency'
+
+                                 # 'X-Kong-<header-name>': Kong will inject
+                                 # this header when applicable.
+                                 #eg:
+                                 #headers = server_tokens, X-Kong-Proxy-Latency
+                                 #Kong will set 'Server', 'Via' and
+                                 #'X-Kong-Proxy-Latency' headers when applicable
+
+                                 # This value can be set to `off`, thus disabling
+                                 # all headers that Kong wil inject.
+                                 # Note that this does not mean that plugins
+                                 # will not inject any headers.
 
 #trusted_ips =                   # Defines trusted IP addresses blocks that are
                                  # known to send correct X-Forwarded-* headers.

diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua
@@ -61,8 +61,7 @@ local CONF_INFERENCES = {
   nginx_user = {typ = "string"},
   nginx_worker_processes = {typ = "string"},
   upstream_keepalive = {typ = "number"},
-  server_tokens = {typ = "boolean"},
-  latency_tokens = {typ = "boolean"},
+  headers = {typ = "array"},
   trusted_ips = {typ = "array"},
   real_ip_header = {typ = "string"},
   real_ip_recursive = {typ = "ngx_boolean"},
@@ -294,6 +293,40 @@ local function check_and_infer(conf)
     end
   end
 
+  local headers = constants.HEADERS
+  local header_tokens = {
+    [headers.PROXY_LATENCY] = false,
+    [headers.UPSTREAM_LATENCY] = false,
+    [headers.SERVER] = false,
+    [headers.VIA] = false,
+    server_tokens = false,
+    latency_tokens = false,
+  }
+  if conf.headers then
+    for _, token in ipairs(conf.headers) do
+      if token == "off" then
+          break
+
+      elseif header_tokens[token] == nil then
+        errors[#errors+1] = "tokens: invalid entry '" .. tostring(token) .. "'"
+
+      else
+        header_tokens[token] = true
+      end
+    end
+
+    if header_tokens.server_tokens then
+      header_tokens[headers.SERVER] = true
+      header_tokens[headers.VIA] = true
+    end
+
+    if header_tokens.latency_tokens then
+      header_tokens[headers.PROXY_LATENCY] = true
+      header_tokens[headers.UPSTREAM_LATENCY] = true
+    end
+  end
+  conf.headers = header_tokens
+
   if conf.dns_order then
     local allowed = { LAST = true, A = true, CNAME = true, SRV = true }
     for _, name in ipairs(conf.dns_order) do

diff --git a/kong/constants.lua b/kong/constants.lua
@@ -59,7 +59,9 @@ return {
     CONSUMER_GROUPS = "X-Consumer-Groups",
     FORWARDED_HOST = "X-Forwarded-Host",
     FORWARDED_PREFIX = "X-Forwarded-Prefix",
-    ANONYMOUS = "X-Anonymous-Consumer"
+    ANONYMOUS = "X-Anonymous-Consumer",
+    VIA = "Via",
+    SERVER = "Server"
   },
   RATELIMIT = {
     PERIODS = {

diff --git a/kong/core/error_handlers.lua b/kong/core/error_handlers.lua
@@ -1,4 +1,5 @@
 local singletons = require "kong.singletons"
+local constants   = require "kong.constants"
 
 local find = string.find
 local format = string.format
@@ -56,7 +57,7 @@ return function(ngx)
   local status = ngx.status
   message = BODIES["s" .. status] and BODIES["s" .. status] or format(BODIES.default, status)
 
-  if singletons.configuration.server_tokens then
+  if singletons.configuration.headers[constants.HEADERS.SERVER] then
     ngx.header["Server"] = SERVER_HEADER
   end
 

diff --git a/kong/core/handler.lua b/kong/core/handler.lua
@@ -696,17 +696,20 @@ return {
       local header = ngx.header
 
       if ctx.KONG_PROXIED then
-        if singletons.configuration.latency_tokens then
+        if singletons.configuration.headers[constants.HEADERS.UPSTREAM_LATENCY] then
           header[constants.HEADERS.UPSTREAM_LATENCY] = ctx.KONG_WAITING_TIME
+        end
+
+        if singletons.configuration.headers[constants.HEADERS.PROXY_LATENCY] then
           header[constants.HEADERS.PROXY_LATENCY]    = ctx.KONG_PROXY_LATENCY
         end
 
-        if singletons.configuration.server_tokens then
+        if singletons.configuration.headers[constants.HEADERS.VIA] then
           header["Via"] = server_header
         end
 
       else
-        if singletons.configuration.server_tokens then
+        if singletons.configuration.headers[constants.HEADERS.SERVER] then
           header["Server"] = server_header
 
         else

diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua
@@ -25,8 +25,7 @@ ssl_ciphers = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-EC
 admin_ssl_cert = NONE
 admin_ssl_cert_key = NONE
 upstream_keepalive = 60
-server_tokens = on
-latency_tokens = on
+headers = server_tokens, latency_tokens
 trusted_ips = NONE
 real_ip_header = X-Real-IP
 real_ip_recursive = off

diff --git a/spec-old-api/02-integration/05-proxy/12-server_tokens_spec.lua b/spec-old-api/02-integration/05-proxy/12-server_tokens_spec.lua
@@ -80,7 +80,7 @@ describe("Server Tokens", function()
 
     setup(start {
       nginx_conf    = "spec/fixtures/custom_nginx.template",
-      server_tokens = "on",
+      headers = "server_tokens",
     })
 
     teardown(helpers.stop_kong)
@@ -119,7 +119,7 @@ describe("Server Tokens", function()
 
     setup(start {
       nginx_conf    = "spec/fixtures/custom_nginx.template",
-      server_tokens = "off",
+      headers = "off",
     })
 
     teardown(helpers.stop_kong)
@@ -212,7 +212,7 @@ describe("Latency Tokens", function()
 
     setup(start {
       nginx_conf = "spec/fixtures/custom_nginx.template",
-      latency_tokens = "on",
+      headers = "latency_tokens",
     })
 
     teardown(helpers.stop_kong)
@@ -251,7 +251,7 @@ describe("Latency Tokens", function()
 
     setup(start {
       nginx_conf     = "spec/fixtures/custom_nginx.template",
-      latency_tokens = "off",
+      headers = "off",
     })
 
     teardown(function()