fix(rate-limiting): do not set response headers if conf.hide_client_headers is true #13722

Merged
merged 2 commits into from
Oct 8, 2024
7 changes: 5 additions & 2 deletions .gitignore
Expand Up @@ -31,8 +31,6 @@ bin/grpcurl
*.bak
*.rock

bazel-*

worktree/
bin/bazel
bin/h2client
Expand All @@ -41,3 +39,8 @@ bin/h2client
*.wasm
spec/fixtures/proxy_wasm_filters/build
spec/fixtures/proxy_wasm_filters/target

# bazel
bazel-*
# remove it after migrating from WORKSPACE to Bzlmod
MODULE.bazel.lock
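
Review bot: The relocated `bazel-*` entry and the new `MODULE.bazel.lock` ignore at the end of `.gitignore` are unrelated to the rate-limiting fix named in the title, so they would be easier to track and revert as a separate commit or PR. The `# remove it after migrating from WORKSPACE to Bzlmod` comment also has no issue reference, which makes the cleanup easy to forget; consider linking the tracking issue in that comment.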
6 changes: 6 additions & 0 deletions changelog/unreleased/kong/fix-rl-plugin-resp-hdr.yml
@@ -0,0 +1,6 @@
message: >
**Rate-Limiting**: Fixed an issue that caused an
HTTP 500 error when `hide_client_headers`
is set to `true` and the request exceeds the rate limit.
type: bugfix
scope: Plugin
11 changes: 8 additions & 3 deletions kong/plugins/rate-limiting/handler.lua
Expand Up @@ -192,12 +192,17 @@ function RateLimitingHandler:access(conf)

-- If limit is exceeded, terminate the request
if stop then
pdk_rl_store_response_header(ngx_ctx, RETRY_AFTER, reset)
pdk_rl_apply_response_headers(ngx_ctx)
if not conf.hide_client_headers then
pdk_rl_store_response_header(ngx_ctx, RETRY_AFTER, reset)
pdk_rl_apply_response_headers(ngx_ctx)
end

return kong.response.error(conf.error_code, conf.error_message)
end

pdk_rl_apply_response_headers(ngx_ctx)
if not conf.hide_client_headers then
pdk_rl_apply_response_headers(ngx_ctx)
end
end

if conf.sync_rate ~= SYNC_RATE_REALTIME and conf.policy == "redis" then
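
Review bot: The `if not conf.hide_client_headers then` guard is now written twice in `RateLimitingHandler:access`, once inside the `if stop then` branch and once after it, so a header call added later on either path can miss the check and reintroduce the failure. Consider evaluating the condition once before `if stop then` (for example a local flag used by both paths) and adding a one-line comment on why `pdk_rl_store_response_header` and `pdk_rl_apply_response_headers` must be skipped when headers are hidden, since the reason is only stated in the changelog entry.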
15 changes: 15 additions & 0 deletions spec/03-plugins/23-rate-limiting/04-access_spec.lua
Expand Up @@ -650,7 +650,22 @@ if limit_by == "ip" then
})

local res = assert(GET(test_path))
assert.res_status(200, res)

assert.is_nil(res.headers["X-Ratelimit-Limit-Minute"])
assert.is_nil(res.headers["X-Ratelimit-Remaining-Minute"])
assert.is_nil(res.headers["Ratelimit-Limit"])
assert.is_nil(res.headers["Ratelimit-Remaining"])
assert.is_nil(res.headers["Ratelimit-Reset"])
assert.is_nil(res.headers["Retry-After"])

-- repeat until get rate-limited
helpers.wait_until(function()
res = assert(GET(test_path))
return res.status == 429, "should be rate-limited (429), got " .. res.status
end, 10)

assert.res_status(429, res)
assert.is_nil(res.headers["X-Ratelimit-Limit-Minute"])
assert.is_nil(res.headers["X-Ratelimit-Remaining-Minute"])
assert.is_nil(res.headers["Ratelimit-Limit"])
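
Review bot: The `helpers.wait_until` loop only returns true on `res.status == 429`, so the regression this PR fixes (an HTTP 500 once the limit is exceeded) would make the test spin for the full 10 second timeout before failing, rather than failing on the first bad response. Consider asserting inside the loop that the status is either 200 or 429, so a 500 fails immediately with the status in the message. The status and header assertions on the first response and after the loop are otherwise a good match for the handler change.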