ProxyExchange fails with "IOException: insufficient data written" with boot 3.2 #3154
Comments
jkuipers
changed the title
|
Posting for those encountering, the workaround is to set |
spencergibb
changed the title
|
Why don't you pass the body in the ProxyController? |
|
The body isn’t modified by my code, why would I pass it myself? This is done automatically. We could explicitly add an |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
ghost
mentioned this issue
|
Would it help to create a pull request to address this? I didn't consider that when I reported the issue as it seems trivial to fix, but given that it's been open for 4 months already and that various people have encountered issues b/o this bug I think it would be good to have a released solution ASAP. |
|
Yes, PRs welcome. We have an upcoming release in a week |
Also remove the bogus spring.cloud.gateway.proxy.auto-forward setting
… copied Also remove the bogus spring.cloud.gateway.proxy.auto-forward setting from the tests
Also remove the bogus spring.cloud.gateway.proxy.auto-forward setting from the tests. Fixes spring-cloudgh-3154
|
OK, I've created #3313 to address the issue for both the MVC and Webflux version. |
Also remove the bogus spring.cloud.gateway.proxy.auto-forward setting from the tests. Fixes spring-cloudgh-3154
Also remove the bogus spring.cloud.gateway.proxy.auto-forward setting from the tests. Fixes spring-cloudgh-3154
|
I thought the idea was that a PR could be considered for this week's release, but I see that the release was already cut without any feedback on the PR that I created last week... Any chance to get this into the next release, at least? Or any feedback on what might still be needed for that to happen? |
|
Sorry about that. I'll look at it again soon |
Note that setting it like this removes all the default sensitive headers and therefore is likely to let you expose secrets to downstream services that you’re proxying, so please don’t copy this as-is. |
|
Hey, it's been 5 five months since reporting this and four weeks since providing a suggested fix: any chance of getting a review on the PR? Right now both ProxyExchange modules are broken as shipped in the latest releases... |
|
@spencergibb is there any updates about bug status? |
|
Missed yet another release, I see. I'm going to give up on chasing this: it's very puzzling to me how an official Spring project simply ignores shipping two broken modules for half a year already when it's clear what the problem is and there's a proposed solution. |
|
It'll be in the May release |
narrator: it wasn't |
|
I just come here to say that I am also in that position. I upgraded spring boot 2.2.x to 3.2.x and this ProxyExchange is the simplest way for us to replace netflix-zuul. But because of this header problem, for which a fix is waiting to be merged for many months now (thank you @jkuipers for providing that!), this migration is in limbo again. It would be really nice to either put it into the next release or otherwise update us if there is a problem with that proposed solution (maybe the different configuration property is? Then please say so @spencergibb ) |
|
@spencergibb hello! Can you download updated artifact (v 4.1.5) in mvnrepo please? |
The
ProxyExchangetype in spring-cloud-gateway-mvc copies over the headers from the incoming request, unless they're marked as sensitive. In addition, it also uses the HTTP message converters to unmarshal the payload of the incoming request and marshal it again when sending.What we found is that in the header copying, it also includes the
Content-Lengthheader of the incoming request. However, b/o the unmarshalling and then marshalling the content length of the proxied request can be different: especially in the case of JSON where whitespace is removed, it can become less.This causes problems with some downstream servers, as they keep waiting for additional request contents based on the erroneous
Content-Lengthheader. When not using smth like Apache Component HTTP client but using the default Java client instead, this even leads to errors in the client itself (showcased in attached sample).This behavior was not there in previous versions: actually, with Spring Boot 3.1.6 and the underlying Spring web version this works. When you check what's being sent then you can see that a Content-Length header is always set, with the correct value.
It looks like the latest Spring web code (Jackson HTTP message converter?) no longer sets its own
Content-Lengthheader when marshalling to JSON. Therefore, spring-cloud-gateway-mvc should never copy over this header from the incoming request, but should rather leave it up to the RestTemplate to either leave it out or set this to the correct value for the outgoing request.BTW, although this isn't strictly related to this issue, I believe that the
Hostheader of the incoming request shouldn't be copied either by default: this can also lead to issues.Sample
I've attached a project with two integration tests that showcase the problem. By configuring the
content-lengthto be a sensitive header you can work around the issue, but users of the framework should not be required to do this.gateway-mvc-contentlength.zip
The text was updated successfully, but these errors were encountered: