-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ClientSettingsPolicy does not work on HTTPRoutes with matching conditions #2079
Comments
I'll add that I discovered this using the ObservabilityPolicy. Traces were not being sampled on requests going through the named locations (where |
This problem is not limited to named locations, it is an issue with internal redirects. To reproduce without named locations:
Then send the following requests:
Expect: 200
Expect: 413
Expect: 200
Expect: 413 |
Update: The proposed solution to this bug was to set the directives ( This solution works for Some alternatives discussed: (1) Change ClientSettingsPolicy from an Inherited Policy Attachment to a Direct Policy Attachment. ClientSettingsPolicy could only be attached to a Gateway. Possible to allow attaching to a Gateway.Listener which would allow the user to more selectively apply client settings to individual server blocks. Pros:
Cons:
(2) Add a restriction that a URI (like /coffee) can only be defined in one HTTPRoute. This will allow us to define the client settings in the external location blocks instead of the internal location blocks. Since the bug only applies to internal location blocks, this will eliminate the issue. Pros:
Cons:
|
I do like option 2 because it reduces complexity, but I do worry about the Gateway API expectations around it. Option 1 could work until we get feedback that Route support is desired for this policy. |
Closing in favor of: #2308 |
Describe the bug
If you apply a policy to a route that has http matches with a method, params, or headers defined, the policy has no affect.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
You should receive a 413 entity too large since the request body exceeds the limit
Your environment
Additional context
The policy is correctly included in the named location block for the tea routes, but the directives are ignored by nginx. This seems to be a limitation of named locations in nginx.
For example, this config with named locations does not enforce the client max body size:
however, if you change the named location to an internal location:
it does work.
The text was updated successfully, but these errors were encountered: