Skip to content

header_rewrite: fix set-body origin replacement across hooks and transforms#13116

Open
bryancall wants to merge 4 commits intomasterfrom
set-body-origin-response-clean
Open

header_rewrite: fix set-body origin replacement across hooks and transforms#13116
bryancall wants to merge 4 commits intomasterfrom
set-body-origin-response-clean

Conversation

@bryancall
Copy link
Copy Markdown
Contributor

@bryancall bryancall commented Apr 23, 2026

Summary

  • make set-body robust for origin responses by correctly handling internal body replacement before tunneling, including transform-bypass safety in HttpSM
  • add READ_RESPONSE_HDR_HOOK as an allowed set-body hook while preserving SEND_RESPONSE_HDR_HOOK, and fix API state interaction in TSHttpTxnErrorBodySet()
  • consolidate AuTests into one replay-driven test covering read/send hooks with and without transforms, with cache disabled and cache-bypass probes; update docs accordingly

Test plan

  • AUTEST_PORT_OFFSET=13000 ./autest.sh --ats-bin /tmp/ts-autest/bin --filter=header_rewrite_set_body_origin (eris)
  • AUTEST_PORT_OFFSET=15000 ./autest.sh --ats-bin /tmp/ts-autest/bin --filter=header_rewrite_bundle (eris)
  • Verify branch is single commit ahead of master

Supersedes #12879.

Made with Cursor

@bryancall
Enable robust set-body origin replacement across hooks and transforms.
700f6bf 
Implement robust internal-body handling across READ_RESPONSE and SEND_RESPONSE paths, including transform interactions, and consolidate origin set-body coverage into a single replay-driven AuTest matrix with cache-bypass probes and clearer inline test documentation.

Made-with: Cursor
@bryancall bryancall mentioned this pull request Apr 23, 2026
Closed
4 tasks
@bryancall
Copy link
Copy Markdown
Contributor Author

bryancall commented Apr 23, 2026

/copilot review

@bryancall bryancall requested a review from Copilot April 23, 2026 19:13
Copilot AI reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR extends header_rewrite’s set-body operator to robustly replace origin response bodies (including across hooks and in the presence of response transforms), updates core HttpSM handling to honor the internal message buffer before tunneling, and adds/updates AuTests and documentation to cover the new behavior.

Changes:

  • Update HttpSM to divert origin responses to setup_internal_transfer() when a plugin has set internal_msg_buffer (including transform-related paths).
  • Allow set-body to run at TS_HTTP_READ_RESPONSE_HDR_HOOK (in addition to TS_HTTP_SEND_RESPONSE_HDR_HOOK).
  • Add a replay-driven gold test matrix (read/send hooks; with/without transform) plus documentation updates.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
src/proxy/http/HttpSM.cc Adds internal-body override handling in SERVER_READ / TRANSFORM_READ and transform-bypass logic in set_next_state().
src/api/InkAPI.cc Ensures TSHttpTxnErrorBodySet() clears request-body override mode when reusing the shared buffer.
plugins/header_rewrite/operators.cc Allows OperatorSetBody to run on TS_HTTP_READ_RESPONSE_HDR_HOOK.
tests/gold_tests/pluginTest/header_rewrite/header_rewrite_set_body_origin.test.py Adds a new replay-driven test wrapper for origin replacement scenarios.
tests/gold_tests/pluginTest/header_rewrite/header_rewrite_set_body_origin.replay.yaml Adds replay matrix for read/send hooks and transform/no-transform scenarios.
tests/gold_tests/pluginTest/header_rewrite/rules/rule_set_body_origin_read_resp.conf New rule file to apply set-body at READ_RESPONSE_HDR_HOOK.
tests/gold_tests/pluginTest/header_rewrite/rules/rule_set_body_origin_send_resp.conf New rule file to apply set-body at SEND_RESPONSE_HDR_HOOK.
doc/admin-guide/plugins/header_rewrite.en.rst Documents origin replacement support and related caveats for set-body.
tests/prepare_proxy_verifier.sh Updates expected Proxy Verifier tarball SHA1.

Comment thread src/proxy/http/HttpSM.cc Outdated
Comment thread tests/gold_tests/pluginTest/header_rewrite/header_rewrite_set_body_origin.replay.yaml
Comment thread doc/admin-guide/plugins/header_rewrite.en.rst Outdated
@bryancall
Address Copilot review feedback on transform safety and docs.
6a79af5 
Harden transform bypass cleanup before internal transfer, keep no-transform cache probes transform-free, and clarify set-body empty-string behavior in docs.

Made-with: Cursor
@bryancall
Limit internal-body transform bypass to origin-response contexts.
6b115ce 
Guard the bypass path with server-response validity so non-origin regression flows (e.g. connect intercept tests) are not routed through origin replacement logic.

Made-with: Cursor
@bryancall
Restrict internal response-body override to response-hook contexts.
ce43606 
Prevent TSHttpConnect intercept regressions from taking the set-body internal-transfer path by guarding the SERVER_READ override on origin-response hook context and plugin tunnel state.

Made-with: Cursor
@bryancall
Copy link
Copy Markdown
Contributor Author

bryancall commented Apr 24, 2026

/copilot review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bryancall