Skip to content

fix: disable -shadow host suffix append #7229

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 16, 2025
Merged

fix: disable -shadow host suffix append #7229

merged 3 commits into from
Oct 16, 2025

Conversation

@shreealt
Copy link
Contributor

@shreealt shreealt commented Oct 14, 2025

What type of PR is this?

bugfix

What this PR does / why we need it:
The current HTTPRoute Request Mirroring automatically appends a “-shadow” to the mirror requests Host header. According to the Envoy doc, this is used for logging.

However, this can be surprising to users, as the Host header is modified without explicit notice. It may also cause issues for application that depends on the original Host header.
Which issue(s) this PR fixes:

Fixes #7227

Release Notes: Yes/No

@shreealt shreealt requested a review from a team as a code owner October 14, 2025 04:44
@shreealt
Copy link
Contributor Author

shreealt commented Oct 14, 2025

I am kinda confused on how to write test cases for this one. Specially the part on how to confirm that the host header in mirrored HTTP message does not contain the shadow suffix.

I am reading existing test cases, however I would appreciate any help on this.

@codecov
Copy link

codecov bot commented Oct 14, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.14%. Comparing base (70af785) to head (77e3df6).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7229      +/-   ##
==========================================
+ Coverage   71.07%   71.14%   +0.07%     
==========================================
  Files         228      228              
  Lines       40825    40827       +2     
==========================================
+ Hits        29015    29048      +33     
+ Misses      10104    10079      -25     
+ Partials     1706     1700       -6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@zhaohuabing
Copy link
Member

zhaohuabing commented Oct 14, 2025

@shreealt thanks for picking this up!

Iet's hold off on this PR for now until a decision is made on how to address #7227.

@zhaohuabing
Copy link
Member

zhaohuabing commented Oct 14, 2025

@shreealt we discussed this in today's meeting. The decision is to make a breaking change to remove the -shadow suffix at this PR.

Feel free to proceed.

zhaohuabing
zhaohuabing reviewed Oct 14, 2025
View reviewed changes
internal/xds/translator/route.go
RuntimeFraction: mp,
Cluster: policy.Destination.Name,
RuntimeFraction: mp,
DisableShadowHostSuffixAppend: true,
Copy link
Member

@zhaohuabing zhaohuabing Oct 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: can we add a line of comment to explain why setting this option?

@zhaohuabing
Copy link
Member

zhaohuabing commented Oct 15, 2025
edited
Loading

I am kinda confused on how to write test cases for this one. Specially the part on how to confirm that the host header in mirrored HTTP message does not contain the shadow suffix.

I am reading existing test cases, however I would appreciate any help on this.

RequestMirror is in a Gateway API feature, so we rely on the gateway api conformance test to verify it in the e2e tests.

For this PR, it's fine to verify it in the xds translator tests.

zhaohuabing
zhaohuabing requested changes Oct 15, 2025
View reviewed changes
Copy link
Member

@zhaohuabing zhaohuabing left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add a note to the "breaking changes" section of the release-notes/current.yaml file?

@jukie jukie requested a review from zhaohuabing October 16, 2025 02:17
@jukie
Copy link
Contributor

jukie commented Oct 16, 2025

/retest

@shreealt @zirain
fix: disable -shadow host suffix append
cec01e1 
Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>
@shreealt @zirain
cmt
641ef54 
Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>
@shreealt @zirain
rn
77e3df6 
Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>
@zirain zirain force-pushed the fix/rm-shdw-host-suffix branch from efb6afa to 77e3df6 Compare October 16, 2025 06:04
zhaohuabing
zhaohuabing approved these changes Oct 16, 2025
View reviewed changes
Copy link
Member

@zhaohuabing zhaohuabing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@arkodg arkodg merged commit fc08dbd into envoyproxy:main Oct 16, 2025
95 of 101 checks passed
aburan28 pushed a commit to aburan28/gateway that referenced this pull request Oct 18, 2025
@shreealt @aburan28
fix: disable -shadow host suffix append (envoyproxy#7229)
91a541f 
* fix: disable `-shadow` host suffix append

Signed-off-by: Shreemaan Abhishek <shreemaanabhishek@apache.org>
Signed-off-by: Adam Buran <aburan28@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zhaohuabing zhaohuabing zhaohuabing approved these changes

@jukie jukie jukie approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove shadow host suffix from the mirrored requests

4 participants

@shreealt @zhaohuabing @jukie @arkodg