Search code examples
envoyproxy

Tell envoyproxy to not override existing cookies

I'm using envoyproxy in my application. Envoy is adding a custom header to all incoming requests. If the custom header already exits, envoy with overwrite it with a new value. Is there a way to tell envoy to not overwrite this custom header if it already exists?

Solution

  • Yes, there is a dedicated header append action named ADD_IF_ABSENT for this purpose. From the docs:

    ⁣This action will add the header if it doesn’t already exist. If the header already exists then this will be a no-op.

    To use it, you will need to add it in the envoy.filters.network.http_connection_manager filter's route_config.request_headers_to_add field. Here's a minimal working filter config below (last line with append_action is what you need to set to get the behavior you want):

    filter_chains:
  - filters:
      - name: envoy.filters.network.http_connection_manager
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
          stat_prefix: ingress_http
          http_filters:
            - name: envoy.filters.http.router
              typed_config:
                "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
          route_config:
            name: local_route
            virtual_hosts:
              - name: local_service
                domains: ["*"]
                routes:
                  - match:
                      prefix: "/"
                    route:
                      cluster: app
            request_headers_to_add:
              - header:
                  key: "x-my-header"
                  value: "set-by-envoy"
                append_action: ADD_IF_ABSENT # this answers your question

    I've tested it with envoy v1.28.0 and a dummy app that just prints the request's x-my-header header, and it works perfectly:

    # test 1, don't pass "x-my-header"
curl -s -I localhost:8080 -o /dev/null

# test 2, pass a custom "x-my-header"
curl -s -I -H "x-my-header: set-by-user" localhost:8080 -o /dev/null

    My application logs shows that first request used the default header set by Envoy, while the second request used the header set when doing the curl (so Envoy have not overwritten the header thanks to ADD_IF_ABSENT):

    set-by-envoy
[23/Dec/2023 13:35:45] "HEAD / HTTP/1.1" 200 -
set-by-user
[23/Dec/2023 13:35:55] "HEAD / HTTP/1.1" 200 -

    Note that append_action default is APPEND_IF_EXISTS_OR_ADD (in Envoy 1.28.0 at least), so if you don't set its value, the value added in Envoy is appended to the header. Example with the test above:

    set-by-envoy
[23/Dec/2023 13:40:56] "HEAD / HTTP/1.1" 200 -
set-by-user,set-by-envoy
[23/Dec/2023 13:40:58] "HEAD / HTTP/1.1" 200 -