Fix bug with non-ASCII HTTP headers #3197
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gRPC metadata (for the non-binary keys) must be printable ASCII, i.e. each byte must be between 0x20 and 0x7E inclusive.
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
johanbrandhorst
requested changes
Feb 20, 2023
There was a problem hiding this comment.
Hi, thanks for your PR! Can you please add a test for this too? It could be an integration test, see https://github.com/grpc-ecosystem/grpc-gateway/blob/main/examples/internal/integration/integration_test.go.
|
Looks like we have a bazel error, see CONTRIBUTING.md for how do auto-update the bazel files (it's because of the new import). |
johanbrandhorst
approved these changes
Feb 22, 2023
|
Is the change in runtime/BUILD.bazel the only one required? I ran the commands using docker, but the final build of Nevertheless, maybe the file that needed regenerating was regenerated by an earlier step? |
|
Hm, you can fix that error with a |
|
Okay, looks like this is ready to merge then? Thanks for the review! |
|
Thank you for your contribution :)! |
|
This fix was just released with v2.15.1. |
another-rex
pushed a commit
to google/osv.dev
that referenced
this pull request
Mar 6, 2023
[](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [github.com/grpc-ecosystem/grpc-gateway/v2](https://togithub.com/grpc-ecosystem/grpc-gateway) | require | patch | `v2.15.0` -> `v2.15.2` | | [google.golang.org/grpc/cmd/protoc-gen-go-grpc](https://togithub.com/grpc/grpc-go) | require | minor | `v1.2.0` -> `v1.3.0` | --- ### Release Notes <details> <summary>grpc-ecosystem/grpc-gateway</summary> ### [`v2.15.2`](https://togithub.com/grpc-ecosystem/grpc-gateway/releases/tag/v2.15.2) [Compare Source](https://togithub.com/grpc-ecosystem/grpc-gateway/compare/v2.15.1...v2.15.2) #### What's Changed - Switch the use of glog to grpclog. by [@​jmuk](https://togithub.com/jmuk) in [grpc-ecosystem/grpc-gateway#3205 - fix: remove `push_bsr_plugins` Github Action job by [@​gunturaf](https://togithub.com/gunturaf) in [grpc-ecosystem/grpc-gateway#3203 - Add correct comment, remove redundant vars and error, use short form by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3206 #### New Contributors - [@​jmuk](https://togithub.com/jmuk) made their first contribution in [grpc-ecosystem/grpc-gateway#3205 - [@​gunturaf](https://togithub.com/gunturaf) made their first contribution in [grpc-ecosystem/grpc-gateway#3203 **Full Changelog**: grpc-ecosystem/grpc-gateway@v2.15.1...v2.15.2 ### [`v2.15.1`](https://togithub.com/grpc-ecosystem/grpc-gateway/releases/tag/v2.15.1) [Compare Source](https://togithub.com/grpc-ecosystem/grpc-gateway/compare/v2.15.0...v2.15.1) #### What's Changed - Clean up use_allof_for_refs flag option by [@​warrenb95](https://togithub.com/warrenb95) in [grpc-ecosystem/grpc-gateway#3092 - fix([#​3049](https://togithub.com/grpc-ecosystem/grpc-gateway/issues/3049)):add items type for array by [@​li31727](https://togithub.com/li31727) in [grpc-ecosystem/grpc-gateway#3090 - fix: JSON examples in YAML output \[[#​3095](https://togithub.com/grpc-ecosystem/grpc-gateway/issues/3095)] by [@​hedhyw](https://togithub.com/hedhyw) in [grpc-ecosystem/grpc-gateway#3106 - feat(3102):update DefaultHeaderMatcher function comment docs by [@​li31727](https://togithub.com/li31727) in [grpc-ecosystem/grpc-gateway#3114 - Rename root BUILD to BUILD.bazel for consistency by [@​rsepassi](https://togithub.com/rsepassi) in [grpc-ecosystem/grpc-gateway#3117 - Add `format` in path params by [@​antgamdia](https://togithub.com/antgamdia) in [grpc-ecosystem/grpc-gateway#3089 - Change verb by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3129 - Remove redundant err and use %w verb for err by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3130 - Use ifshort stmt for err by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3131 - Cleanup by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3137 - Change '%v' with %q verb and small cleanup by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3139 - fix: Partial resource update, no longer generate updateMask field by [@​csh995426531](https://togithub.com/csh995426531) in [grpc-ecosystem/grpc-gateway#3093 - Add go1.20 to ci matrix by [@​sashamelentyev](https://togithub.com/sashamelentyev) in [grpc-ecosystem/grpc-gateway#3176 - Update README.md by [@​paulburlumi](https://togithub.com/paulburlumi) in [grpc-ecosystem/grpc-gateway#3184 - gateway: Dial -> DialContext by [@​torkelrogstad](https://togithub.com/torkelrogstad) in [grpc-ecosystem/grpc-gateway#3190 - Buf version bump by [@​torkelrogstad](https://togithub.com/torkelrogstad) in [grpc-ecosystem/grpc-gateway#3189 - Fix bug with non-ASCII HTTP headers by [@​steinarvk-oda](https://togithub.com/steinarvk-oda) in [grpc-ecosystem/grpc-gateway#3197 #### New Contributors - [@​warrenb95](https://togithub.com/warrenb95) made their first contribution in [grpc-ecosystem/grpc-gateway#3092 - [@​li31727](https://togithub.com/li31727) made their first contribution in [grpc-ecosystem/grpc-gateway#3090 - [@​rsepassi](https://togithub.com/rsepassi) made their first contribution in [grpc-ecosystem/grpc-gateway#3117 - [@​antgamdia](https://togithub.com/antgamdia) made their first contribution in [grpc-ecosystem/grpc-gateway#3089 - [@​csh995426531](https://togithub.com/csh995426531) made their first contribution in [grpc-ecosystem/grpc-gateway#3093 - [@​paulburlumi](https://togithub.com/paulburlumi) made their first contribution in [grpc-ecosystem/grpc-gateway#3184 - [@​steinarvk-oda](https://togithub.com/steinarvk-oda) made their first contribution in [grpc-ecosystem/grpc-gateway#3197 **Full Changelog**: grpc-ecosystem/grpc-gateway@v2.15.0...v2.15.1 </details> <details> <summary>grpc/grpc-go</summary> ### [`v1.3.0`](https://togithub.com/grpc/grpc-go/releases/tag/v1.3.0): Release 1.3.0 [Compare Source](https://togithub.com/grpc/grpc-go/compare/v1.2.0...v1.3.0) ### API change - Never encode binary metadata within the metadata map ([#​1188](https://togithub.com/grpc/grpc-go/issues/1188)) - Update grpclb proto and move grpclb into package grpc ([#​1186](https://togithub.com/grpc/grpc-go/issues/1186)) - Change status package to deal with concrete types instead of interfaces ([#​1171](https://togithub.com/grpc/grpc-go/issues/1171)) - Behavior change: do not strip out gRPC user-agent ([#​1158](https://togithub.com/grpc/grpc-go/issues/1158)) - Separate incoming and outgoing metadata in context ([#​1157](https://togithub.com/grpc/grpc-go/issues/1157)) - Add status package for reporting gRPC status and errors ([#​1156](https://togithub.com/grpc/grpc-go/issues/1156)) - remove support for go1.5 ([#​1132](https://togithub.com/grpc/grpc-go/issues/1132)) ### New Feature - Client load report for grpclb. ([#​1200](https://togithub.com/grpc/grpc-go/issues/1200)) - Client should update keepalive parameters upon receiving GoAway ([#​1169](https://togithub.com/grpc/grpc-go/issues/1169)) - Implementation for server enforcement of keepalive policy. ([#​1147](https://togithub.com/grpc/grpc-go/issues/1147)) - Add grpc.Version string and use it in the UA ([#​1144](https://togithub.com/grpc/grpc-go/issues/1144)) - Support max age([#​1119](https://togithub.com/grpc/grpc-go/issues/1119)) - Support proxy with dialer ([#​1098](https://togithub.com/grpc/grpc-go/issues/1098)) ### Behavior change - populate initReq target name and fix IP \[]byte type in grpclb ([#​1145](https://togithub.com/grpc/grpc-go/issues/1145)) - pick a random address if the current in use is deleted by resolver ([#​1135](https://togithub.com/grpc/grpc-go/issues/1135)) - :authority should include port number ([#​1123](https://togithub.com/grpc/grpc-go/issues/1123)) - Don't return an error from dial if the balancer returns no initial servers ([#​1112](https://togithub.com/grpc/grpc-go/issues/1112)) ### Bug fix - Fix nil pointer dereferences from status.FromProto(nil) ([#​1211](https://togithub.com/grpc/grpc-go/issues/1211)) - Use unpadded base64 encoding for binary metadata headers; handle padded or unpadded input ([#​1209](https://togithub.com/grpc/grpc-go/issues/1209)) - Use proto.Equal for equalities on Go proto messages ([#​1204](https://togithub.com/grpc/grpc-go/issues/1204)) - Move handling stats.End to clientStream.finish() ([#​1182](https://togithub.com/grpc/grpc-go/issues/1182)) - grpclb should connect to the second balancer ([#​1181](https://togithub.com/grpc/grpc-go/issues/1181)) - add error handling for InvalidArgument error from sendResponse() ([#​1173](https://togithub.com/grpc/grpc-go/issues/1173)) - transport: implement GoString on Stream ([#​1167](https://togithub.com/grpc/grpc-go/issues/1167)) - Bug fix([Issue#​1141](https://togithub.com/Issue/grpc-go/issues/1141)): Check if peer is nil before trying to derefer it. ([#​1143](https://togithub.com/grpc/grpc-go/issues/1143)) - Make sure all in-flight streams close when ClientConn.Close() is called. ([#​1136](https://togithub.com/grpc/grpc-go/issues/1136)) ### Performance - opt in to frame reuse on the framer to reduce garbage ([#​1096](https://togithub.com/grpc/grpc-go/issues/1096)) - use proto.Buffer API for protobuf codec and cache proto.Buffer structs ([#​1010](https://togithub.com/grpc/grpc-go/issues/1010)) ### Documentation - add document to ClientHandshake about returning temporary error ([#​1125](https://togithub.com/grpc/grpc-go/issues/1125)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone Australia/Sydney, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://togithub.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/google/osv.dev). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNDYuMiIsInVwZGF0ZWRJblZlciI6IjM0LjE0Ni4yIn0=-->
](https://renovatebot.com){kind=link}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
gRPC metadata (for the non-binary keys) must be printable ASCII, i.e. each byte must be between 0x20 and 0x7E inclusive.
References to other Issues or PRs
Have not created an issue, but this fixes a problem we've had in our deployment of argoproj/argo-workflows (which uses grpc-gateway) where any API request with a header value containing a non-ASCII character gets rejected.
HTTP headers can by convention be general ISO-8859-1, not just US ASCII. E.g. 'æ', 'ø', 'å' should be fine in HTTP headers, but they're not acceptable in gRPC metadata.
Have you read the Contributing Guidelines?
Yes.
Brief description of what is fixed or changed
When copying HTTP headers over to gRPC metadata, skip headers where the key or the value would not be accepted by gRPC. (These requests would be rejected anyway if the metadata were included.)
Other comments