Merge pull request #1585 from dilanSachi/fix-header-forward

Remove inbound headers from outbound message
ballerina-platform · Apr 16, 2024 · 6b84b66 · 6b84b66
2 parents ed60245 + fb36268
commit 6b84b66
Show file tree

Hide file tree

Showing 6 changed files with 53 additions and 12 deletions.
diff --git a/ballerina-tests/tests/08_unary_client_with_headers.bal b/ballerina-tests/tests/08_unary_client_with_headers.bal
@@ -23,7 +23,6 @@ final HelloWorld101Client helloWorld8BlockingEp = check new ("http://localhost:9
 
 @test:Config {enable: true}
 function testHeadersInUnaryClient() returns grpc:Error? {
-
     //Working with custom headers
     wrappers:ContextString requestMessage = {content: "WSO2", headers: {"x-id": "0987654321"}};
     // Executing unary blocking call
@@ -41,7 +40,7 @@ function testHeadersInBlockingClient() returns grpc:Error? {
     // Executing unary blocking call
     wrappers:ContextString response = check helloWorld8BlockingEp->helloContext(requestMessage);
     map<string|string[]> resHeaders = response.headers;
-    test:assertEquals(check grpc:getHeaders(resHeaders, "x-id"), ["0987654321", "1234567890", "2233445677"]);
+    test:assertEquals(check grpc:getHeaders(resHeaders, "x-id"), ["1234567890", "2233445677"]);
 }
 
 @test:Config {enable: true}
@@ -54,3 +53,16 @@ function testLargeHeaderSize() returns grpc:Error? {
         test:assertFail("Expected an error");
     }
 }
+
+@test:Config {enable: true}
+function testLargeHeaderSizeWithLargeHeaderService() returns grpc:Error? {
+    HelloWorld101Client largeHeaderClient = check new ("http://localhost:9198");
+    string largeHeader = "";
+    foreach int i in 0...1000 {
+        largeHeader = largeHeader + "1234567890";
+    }
+    wrappers:ContextString requestMessage = {content: "WSO2", headers: {"large-header": largeHeader}};
+    wrappers:ContextString response = check largeHeaderClient->helloContext(requestMessage);
+    test:assertEquals(response.content, "Hello client");
+    test:assertFalse(response.headers.hasKey("large-header"));
+}
diff --git a/ballerina-tests/tests/08_unary_service_with_headers.bal b/ballerina-tests/tests/08_unary_service_with_headers.bal
@@ -32,11 +32,25 @@ service "HelloWorld101" on ep8 {
         map<string|string[]> responseHeaders = {};
 
         if !request.headers.hasKey("x-id") {
-            checkpanic caller->sendError(error grpc:AbortedError("x-id header is missing"));
+            check caller->sendError(error grpc:AbortedError("x-id header is missing"));
         } else {
             responseHeaders["x-id"] = ["1234567890", "2233445677"];
         }
         wrappers:ContextString responseMessage = {content: message, headers: responseHeaders};
-        checkpanic caller->sendContextString(responseMessage);
+        check caller->sendContextString(responseMessage);
+    }
+}
+
+listener grpc:Listener largeHeaderListener = new (9198, {
+    host: "localhost",
+    maxHeaderSize: 600000
+});
+
+@grpc:Descriptor {
+    value: UNARY_SERVICE_WITH_HEADERS_DESC
+}
+service "HelloWorld101" on largeHeaderListener {
+    isolated remote function hello(HelloWorld101StringCaller caller, ContextString request) returns error? {
+        check caller->sendString("Hello client");
     }
 }
diff --git a/ballerina/Ballerina.toml b/ballerina/Ballerina.toml
@@ -24,7 +24,7 @@ path = "../test-utils/build/libs/grpc-test-utils-1.11.0-SNAPSHOT.jar"
 scope = "testOnly"
 
 [[platform.java17.dependency]]
-path = "./lib/ballerina-cli-2201.9.0-20240405-165800-4b163f78.jar"
+path = "./lib/ballerina-cli-2201.9.0-20240410-095500-2653a74d.jar"
 scope = "testOnly"
 
 [[platform.java17.dependency]]
@@ -35,7 +35,7 @@ scope = "testOnly"
 groupId = "io.ballerina.stdlib"
 artifactId = "http-native"
 version = "2.11.0"
-path = "./lib/http-native-2.11.0-20240410-121300-ae1095d.jar"
+path = "./lib/http-native-2.11.0-20240410-161700-e275cb8.jar"
 
 [[platform.java17.dependency]]
 groupId = "io.netty"
@@ -163,11 +163,11 @@ path = "./lib/proto-google-common-protos-1.17.0.jar"
 [[platform.java17.dependency]]
 groupId = "org.ballerinalang"
 artifactId = "formatter-core"
-version = "2201.9.0-20240405-165800-4b163f78"
-path = "./lib/formatter-core-2201.9.0-20240405-165800-4b163f78.jar"
+version = "2201.9.0-20240410-095500-2653a74d"
+path = "./lib/formatter-core-2201.9.0-20240410-095500-2653a74d.jar"
 
 [[platform.java17.dependency]]
 groupId = "org.ballerinalang"
 artifactId = "ballerina-parser"
-version = "2201.9.0-20240405-165800-4b163f78"
-path = "./lib/ballerina-parser-2201.9.0-20240405-165800-4b163f78.jar"
+version = "2201.9.0-20240410-095500-2653a74d"
+path = "./lib/ballerina-parser-2201.9.0-20240410-095500-2653a74d.jar"
diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml
@@ -5,7 +5,7 @@
 
 [ballerina]
 dependencies-toml-version = "2"
-distribution-version = "2201.9.0-20240405-165800-4b163f78"
+distribution-version = "2201.9.0-20240410-095500-2653a74d"
 
 [[package]]
 org = "ballerina"

diff --git a/changelog.md b/changelog.md
@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Fixed
 - [Address CVE-2024-29025 netty's vulnerability](https://github.com/ballerina-platform/ballerina-library/issues/6242)
+- [Fixed client headers getting forwarded back to client by the server](https://github.com/ballerina-platform/ballerina-library/issues/6334)
 
 ## [1.10.6] - 2024-02-01
 ### Added

diff --git a/native/src/main/java/io/ballerina/stdlib/grpc/OutboundMessage.java b/native/src/main/java/io/ballerina/stdlib/grpc/OutboundMessage.java
@@ -32,8 +32,11 @@
 import java.nio.charset.StandardCharsets;
 import java.util.Map;
 
+import static io.ballerina.stdlib.grpc.GrpcConstants.CONTENT_TYPE_KEY;
 import static io.ballerina.stdlib.grpc.GrpcConstants.GRPC_MESSAGE_KEY;
 import static io.ballerina.stdlib.grpc.GrpcConstants.GRPC_STATUS_KEY;
+import static io.ballerina.stdlib.grpc.GrpcConstants.SCHEME_HEADER;
+import static io.ballerina.stdlib.grpc.GrpcConstants.TE_KEY;
 
 /**
  * Class that represents an GRPC outbound message.
@@ -54,7 +57,18 @@ public OutboundMessage(HttpCarbonMessage responseMessage) {
     }
 
     OutboundMessage(InboundMessage inboundMessage) {
-        this(inboundMessage.getHttpCarbonMessage().cloneCarbonMessageWithOutData());
+        HttpCarbonMessage responseMessage = inboundMessage.getHttpCarbonMessage().cloneCarbonMessageWithOutData();
+        HttpHeaders headers = responseMessage.getHeaders();
+        headers.forEach(entry -> {
+            if (entry.getKey().equals(SCHEME_HEADER)) {
+                return;
+            }
+            responseMessage.removeHeader(entry.getKey());
+        });
+        responseMessage.setHeader(CONTENT_TYPE_KEY, GrpcConstants.CONTENT_TYPE_GRPC);
+        responseMessage.setHeader(TE_KEY, GrpcConstants.TE_TRAILERS);
+        this.responseMessage = responseMessage;
+        this.framer = ThreadLocal.withInitial(() -> new MessageFramer(responseMessage));
     }
 
     /**