-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Supporting alternate Host header for XMLHttpRequest requests #203
Comments
It has a problem, from the moment you create a custom header, for example X-Host, the browser makes this request in a request with the OPTIONS method so that it seeks to know whether the server supports this header, therefore the value this header is not visible in "resolver.access" and so kong not know which address to send this api options requisition. It has two solutions:
|
+1 |
@rsdevigo Kong should handle the |
side note: this is not a request because it is something we need to do, we are not just considering it. Otherwise any issue is a request. This is closer to a bug. |
So @thefosk, I think if the kong handle the OPTIONS request, it´s dangerous, cause sometimes the request may come with custom header besides X-Host, and sometimes I want that my API handle this request. Or I mistaken somewhere ? |
If we decide to implement the |
So, the idea is:
Is it ? |
|
I got it, but how the kong know the api public_dns if the x-host value it does not go with the OPTIONS request ? Or go ? |
Not able to use Postman to test Kong calls. Though it allows "Host" header it actually doesn't get parsed since Chrome strips restricted headers including "Host". |
@rsdevigo I will post more info on this issue once I think about the implementation |
Could Kong just look for both |
Proxying can now be triggered via a `Host` or a `X-Host-Override` header. Multiple values can be given to each of those headers. Fix #203
#246 supports |
Yes, sounds good, but u test with XMLHttpRequest and angularJS preflight requests ? |
I'm not really sure if this issue is about allowing a custom header for restricted headers on browsers or about the OPTIONS request. What is really needed, here? |
I agree that now there is a way to make a XMLHttpRequest without using the browser for it, with this branch the kong can redirect the request to the API. But when the matter came up in the chat was to use the kong with a client written in angularjs. |
From what I've read we want several things here:
As of today:
On a side note, keep in mind that if you want to use Kong from your browser you can use the CORS plugin. It will not proxy preflight requests to the end API by default (see kong/plugins/cors/access.lua#L63), but this issue raises concerns about it since like @rsdevigo said, if one uses the CORS plugin with To conclude: we support a custom header, I do not see a way to proxy preflight requests with this resolver, but one can use the CORS plugin to perform browser calls (needs to be tested but probably still no preflight requests). Please feel free to give me more infos on this if I'm missing anything. |
Proxying can now be triggered via a `Host` or a `X-Host-Override` header. Multiple values can be given to each of those headers. Fix #203
@thibaultcha I think you misunderstood me.
Meaning if I |
Oh ok, then yes it is what @thefosk originally described in the first comment of this issue, and it is #246. |
I now fully understand what @rsdevigo was trying to say, I completely misunderstood his point. As he was trying to explain, the problem here is that the preflight Because of this, Kong will never know what is the API consumed, unless the API has a path resolver configured. The options we have here are:
OPTIONS / HTTP/1.1
Host: localhost:8000
Access-Control-Request-Headers: accept, test.com
Access-Control-Request-Method: GET
Origin: website.com Kong will then parse the header, and try to resolve an API based on those values. I may be wrong but basically whatever we decide to do, the |
I have reopened the issue because clearly the previous solution is not satisfactory anymore. |
The problem was understood and discussed here. See:
The path resolver (now available) is still the only way. I don't like the dirty hack though. However supporting
If we only keep That being said, I am fine with removing |
Proxying can now be triggered via a `Host` or a `X-Host-Override` header. Multiple values can be given to each of those headers. Fix Kong#203
Should this not be and issue any longer? I'm attempting to send form data from a React application via Kong and I'm getting |
Anyone? |
@EwanValentine if you are using the path resolver this issue doesn't apply to your use-case. |
@thefosk I'm not using the path resolver. My API endpoints follow the following scheme:
So I'm not sure how the path resolver would fit into that? |
No worries, I've sorted it! I had no idea you could just call |
XMLHttpRequest doesn't allow to explicitly set a
Host
header, so we would need to support an alternate header likeX-Host
.http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader()-method
The text was updated successfully, but these errors were encountered: