header_rewrite: fix set-body origin replacement across hooks and transforms#13116
Open
bryancall wants to merge 8 commits into
Open
header_rewrite: fix set-body origin replacement across hooks and transforms#13116bryancall wants to merge 8 commits into
bryancall wants to merge 8 commits into
Conversation
Implement robust internal-body handling across READ_RESPONSE and SEND_RESPONSE paths, including transform interactions, and consolidate origin set-body coverage into a single replay-driven AuTest matrix with cache-bypass probes and clearer inline test documentation. Made-with: Cursor
4 tasks
Contributor
Author
|
/copilot review |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR extends header_rewrite’s set-body operator to robustly replace origin response bodies (including across hooks and in the presence of response transforms), updates core HttpSM handling to honor the internal message buffer before tunneling, and adds/updates AuTests and documentation to cover the new behavior.
Changes:
- Update
HttpSMto divert origin responses tosetup_internal_transfer()when a plugin has setinternal_msg_buffer(including transform-related paths). - Allow
set-bodyto run atTS_HTTP_READ_RESPONSE_HDR_HOOK(in addition toTS_HTTP_SEND_RESPONSE_HDR_HOOK). - Add a replay-driven gold test matrix (read/send hooks; with/without transform) plus documentation updates.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
src/proxy/http/HttpSM.cc |
Adds internal-body override handling in SERVER_READ / TRANSFORM_READ and transform-bypass logic in set_next_state(). |
src/api/InkAPI.cc |
Ensures TSHttpTxnErrorBodySet() clears request-body override mode when reusing the shared buffer. |
plugins/header_rewrite/operators.cc |
Allows OperatorSetBody to run on TS_HTTP_READ_RESPONSE_HDR_HOOK. |
tests/gold_tests/pluginTest/header_rewrite/header_rewrite_set_body_origin.test.py |
Adds a new replay-driven test wrapper for origin replacement scenarios. |
tests/gold_tests/pluginTest/header_rewrite/header_rewrite_set_body_origin.replay.yaml |
Adds replay matrix for read/send hooks and transform/no-transform scenarios. |
tests/gold_tests/pluginTest/header_rewrite/rules/rule_set_body_origin_read_resp.conf |
New rule file to apply set-body at READ_RESPONSE_HDR_HOOK. |
tests/gold_tests/pluginTest/header_rewrite/rules/rule_set_body_origin_send_resp.conf |
New rule file to apply set-body at SEND_RESPONSE_HDR_HOOK. |
doc/admin-guide/plugins/header_rewrite.en.rst |
Documents origin replacement support and related caveats for set-body. |
tests/prepare_proxy_verifier.sh |
Updates expected Proxy Verifier tarball SHA1. |
Harden transform bypass cleanup before internal transfer, keep no-transform cache probes transform-free, and clarify set-body empty-string behavior in docs. Made-with: Cursor
Guard the bypass path with server-response validity so non-origin regression flows (e.g. connect intercept tests) are not routed through origin replacement logic. Made-with: Cursor
Prevent TSHttpConnect intercept regressions from taking the set-body internal-transfer path by guarding the SERVER_READ override on origin-response hook context and plugin tunnel state. Made-with: Cursor
Prevent null transform hook cleanup crashes when internal response-body replacement bypasses transform setup, fixing -11 failures in header_rewrite_set_body_origin and filter_body AuTests. Made-with: Cursor
Add focused comments in HttpSM transform-read handling to explain why tunnel teardown, transform VC cleanup, response header seeding, and server session release are required before internal transfer. Made-with: Cursor
zwoop
requested changes
May 6, 2026
Contributor
zwoop
left a comment
zwoop
left a comment
There was a problem hiding this comment.
I think this looks good, complex code, so love the tests. Other than all the comment slop, my only question really is around that hook check. That seems unnecessary, albeit I'm not 100% sure. Possibly they should be assertions, but I don't see how you'd get there, if you don't have those plugin hooks.
bryancall
force-pushed
the
set-body-origin-response-clean
branch
from
19837d4 to
cf53d32
Compare
Drop the response-hook sub-clause from the SERVER_READ internal-body divert; the plugin_tunnel and server_response.valid guards already prevent TSHttpConnect intercept regressions, and cur_hook_id is tautologically TS_HTTP_READ_RESPONSE_HDR_HOOK at this point. Tighten explanatory comments per review and revert an accidental proxy-verifier SHA1 bump that crept in during local development.
Replace the api_hooks.get() proxy with a precise check: capture the hook firing when a plugin calls TSHttpTxnErrorBodySet(), and only divert to internal transfer when that recorded hook is one of the response stages (READ_RESPONSE_HDR or SEND_RESPONSE_HDR). This prevents TSHttpConnect intercept regressions, which the original api_hooks.get() check protected only as a side effect. Verified on eris: SDK_API_TSHttpConnectIntercept, SDK_API_TSHttpConnectServerIntercept, SDK_API_HttpAltInfo, SDK_API_HttpTxnTransform, SDK_API_HttpTxnCache, SDK_API_HttpSsn, and SDK_API_HttpHookAdd all pass with this guard.
Contributor
Author
|
Posting a summary of the design discussion plus the production validation we just ran. Why the SERVER_READ divert and not a response transform
The natural alternative is to do what Why the SERVER_READ divert
Trade-offs we accept
Why not a response transform
Production validationValidated on an internal production edge host running a build that contains this PR's Method: appended three header-gated Result:
Automated test coverage
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
set-bodyrobust for origin responses by correctly handling internal body replacement before tunneling, including transform-bypass safety inHttpSMREAD_RESPONSE_HDR_HOOKas an allowedset-bodyhook while preservingSEND_RESPONSE_HDR_HOOK, and fix API state interaction inTSHttpTxnErrorBodySet()Production validation
Tested with live traffic on a single production edge/cache host using a build from this change set: staged
header_rewrite, thentraffic_server, with drain/restart and post-restart checks; exercisedset-bodyonREAD_RESPONSE_HDRfor origin 403 responses via config reload. Behavior matched expectations during rollout observation; the host was returned to rotation and informal bake/monitoring continues.Ready for review / merge from the author side.
Test plan
AUTEST_PORT_OFFSET=13000 ./autest.sh --ats-bin /tmp/ts-autest/bin --filter=header_rewrite_set_body_origin(eris)AUTEST_PORT_OFFSET=15000 ./autest.sh --ats-bin /tmp/ts-autest/bin --filter=header_rewrite_bundle(eris)Supersedes #12879.