runtime: removing http_allow_partial_urls_in_referer

Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
alyssawilk · Jun 10, 2024 · 3f51e9d · 3f51e9d
1 parent b3b2c1a
commit 3f51e9d
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 64 deletions.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -179,6 +179,9 @@ removed_config_or_runtime:
 - area: http
   change: |
     Removed ``envoy.reloadable_features.lowercase_scheme`` runtime flag and lagacy code paths.
+- area: http
+  change: |
+    Removed ``envoy.reloadable_features.http_allow_partial_urls_in_referer`` runtime flag and lagacy code paths.
 - area: upstream
   change: |
     Removed ``envoy.reloadable_features.convert_legacy_lb_config`` runtime flag and lagacy code paths.

diff --git a/source/common/http/utility.cc b/source/common/http/utility.cc
@@ -1524,14 +1524,6 @@ bool Utility::isValidRefererValue(absl::string_view value) {
   // a host to be present if there is a schema.
   Utility::Url url;
 
-  if (!Runtime::runtimeFeatureEnabled(
-          "envoy.reloadable_features.http_allow_partial_urls_in_referer")) {
-    if (url.initialize(value, false)) {
-      return true;
-    }
-    return false;
-  }
-
   if (url.initialize(value, false)) {
     return !(url.containsFragment() || url.containsUserinfo());
   }

diff --git a/source/common/runtime/runtime_features.cc b/source/common/runtime/runtime_features.cc
@@ -63,7 +63,6 @@ RUNTIME_GUARD(envoy_reloadable_features_http2_discard_host_header);
 RUNTIME_GUARD(envoy_reloadable_features_http2_use_oghttp2);
 RUNTIME_GUARD(envoy_reloadable_features_http2_use_visitor_for_data);
 RUNTIME_GUARD(envoy_reloadable_features_http2_validate_authority_with_quiche);
-RUNTIME_GUARD(envoy_reloadable_features_http_allow_partial_urls_in_referer);
 RUNTIME_GUARD(envoy_reloadable_features_http_filter_avoid_reentrant_local_reply);
 // Delay deprecation and decommission until UHV is enabled.
 RUNTIME_GUARD(envoy_reloadable_features_http_reject_path_with_fragment);

diff --git a/test/common/http/conn_manager_utility_test.cc b/test/common/http/conn_manager_utility_test.cc
@@ -280,20 +280,6 @@ TEST_F(ConnectionManagerUtilityTest, RemoveRefererIfFragmentIsFound) {
   EXPECT_TRUE(headers.get(Http::CustomHeaders::get().Referer).empty());
 }
 
-TEST_F(ConnectionManagerUtilityTest, AllowRefererIfFragmentIsFoundWithoutGuard) {
-  TestScopedRuntime scoped_runtime;
-  scoped_runtime.mergeValues(
-      {{"envoy.reloadable_features.http_allow_partial_urls_in_referer", "false"}});
-  connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
-      std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));
-  ON_CALL(config_, useRemoteAddress()).WillByDefault(Return(true));
-  TestRequestHeaderMapImpl headers{{"referer", "https://example.com/foo/bar/#fragment"}};
-  EXPECT_EQ((MutateRequestRet{"10.0.0.1:0", true, Tracing::Reason::NotTraceable}),
-            callMutateRequestHeaders(headers, Protocol::Http2));
-  EXPECT_EQ("https://example.com/foo/bar/#fragment",
-            headers.get(Http::CustomHeaders::get().Referer)[0]->value().getStringView());
-}
-
 TEST_F(ConnectionManagerUtilityTest, RemoveRefererIfMalformedPath) {
   connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
       std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));
@@ -314,20 +300,6 @@ TEST_F(ConnectionManagerUtilityTest, RemoveRefererIfUserinfoIncluded) {
   EXPECT_TRUE(headers.get(Http::CustomHeaders::get().Referer).empty());
 }
 
-TEST_F(ConnectionManagerUtilityTest, AllowRefererIfUserinfoIncludedWithoutGuard) {
-  TestScopedRuntime scoped_runtime;
-  scoped_runtime.mergeValues(
-      {{"envoy.reloadable_features.http_allow_partial_urls_in_referer", "false"}});
-  connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
-      std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));
-  ON_CALL(config_, useRemoteAddress()).WillByDefault(Return(true));
-  TestRequestHeaderMapImpl headers{{"referer", "https://user:info@example.com"}};
-  EXPECT_EQ((MutateRequestRet{"10.0.0.1:0", true, Tracing::Reason::NotTraceable}),
-            callMutateRequestHeaders(headers, Protocol::Http2));
-  EXPECT_EQ("https://user:info@example.com",
-            headers.get(Http::CustomHeaders::get().Referer)[0]->value().getStringView());
-}
-
 TEST_F(ConnectionManagerUtilityTest, ValidRefererPassesSanitization) {
   connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
       std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));
@@ -339,20 +311,6 @@ TEST_F(ConnectionManagerUtilityTest, ValidRefererPassesSanitization) {
             headers.get(Http::CustomHeaders::get().Referer)[0]->value().getStringView());
 }
 
-TEST_F(ConnectionManagerUtilityTest, ValidRefererPassesSanitizationWithoutGuard) {
-  TestScopedRuntime scoped_runtime;
-  scoped_runtime.mergeValues(
-      {{"envoy.reloadable_features.http_allow_partial_urls_in_referer", "false"}});
-  connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
-      std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));
-  ON_CALL(config_, useRemoteAddress()).WillByDefault(Return(true));
-  TestRequestHeaderMapImpl headers{{"referer", "https://example.com/"}};
-  EXPECT_EQ((MutateRequestRet{"10.0.0.1:0", true, Tracing::Reason::NotTraceable}),
-            callMutateRequestHeaders(headers, Protocol::Http2));
-  EXPECT_EQ("https://example.com/",
-            headers.get(Http::CustomHeaders::get().Referer)[0]->value().getStringView());
-}
-
 TEST_F(ConnectionManagerUtilityTest, AlphaNumCharRefererPassesSanitization) {
   connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
       std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));
@@ -375,19 +333,6 @@ TEST_F(ConnectionManagerUtilityTest, ValidPathOnlyRefererPassesSanitization) {
             headers.get(Http::CustomHeaders::get().Referer)[0]->value().getStringView());
 }
 
-TEST_F(ConnectionManagerUtilityTest, RemovePathOnlyRefererWithoutGuard) {
-  TestScopedRuntime scoped_runtime;
-  scoped_runtime.mergeValues(
-      {{"envoy.reloadable_features.http_allow_partial_urls_in_referer", "false"}});
-  connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
-      std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));
-  ON_CALL(config_, useRemoteAddress()).WillByDefault(Return(true));
-  TestRequestHeaderMapImpl headers{{"referer", "/foo/bar/"}};
-  EXPECT_EQ((MutateRequestRet{"10.0.0.1:0", true, Tracing::Reason::NotTraceable}),
-            callMutateRequestHeaders(headers, Protocol::Http2));
-  EXPECT_TRUE(headers.get(Http::CustomHeaders::get().Referer).empty());
-}
-
 TEST_F(ConnectionManagerUtilityTest, ValidFileOnlyRefererPassesSanitization) {
   connection_.stream_info_.downstream_connection_info_provider_->setRemoteAddress(
       std::make_shared<Network::Address::Ipv4Instance>("10.0.0.1"));