[PATCH] Added merge inheritance to proxy_set_header

Mon Nov 27 12:18:21 UTC 2023

Hi Jordan,

On Thu, Nov 23, 2023 at 02:52:55PM +0000, J Carter wrote:
> # HG changeset patch
> # User J Carter <jordan.carter at outlook.com>
> # Date 1700751016 0
> #      Thu Nov 23 14:50:16 2023 +0000
> # Node ID cc79903ca02eff8aa87238a0f801f8070425d9ab
> # Parent  7ec761f0365f418511e30b82e9adf80bc56681df
> Added merge inheritance to proxy_set_header
> 
> This patch introduces 'inherit' argument to proxy_set_header
> directive. When marked as such it will be merge inherited into child
> contexts regardless of the presence of other proxy_set_header
> directives within those contexts.
> 
> This patch also introduces the 'proxy_set_header_inherit' directive
> which blocks the merge inheritance in receiving contexts when set to off.
> 
> The purpose of the added mechanics is to reduce repetition within the
> nginx configuration for universally set (or boilerplate) request
> headers, while maintaining flexibility to set additional headers for
> specific paths.
> 
> There is no change in behavior for existing configurations.
> 
> Example below:
> 
> server {
> 
>     ...
> 
>     proxy_set_header Host $host inherit;
>     proxy_set_header Connection "" inherit;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for inherit;
> 
>     location /1/ {
>         #sets this header in addition to server context ones.
>         proxy_set_header customHeader1 "customvalue1";
>         proxy_pass http://backend1;
>     }
> 
>     location /2/ {
>         #sets this header in addition to server context ones.
>         proxy_set_header customheader2 "customValue2";
>         proxy_pass http://backend1;
>     }
> 
>     location /3/ {
>         #no location specific headers, only server context ones set.
>         proxy_pass http://backend1;
>     }
> 
>     location /special/ {
>         #Blocks merge inheritance from server context.
>         proxy_set_header_inherit off;
>         proxy_set_header Host "notserverthost.co";
>         proxy_set_header Connection "";
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_pass http://backend2;
>     }
> 
> }

Even though the inheritance rules we have now are not convenient for some
people, they do have one benefit - they are simple.  Looking into a single
location is enough to have a full list of headers.  You introduce inheritable
headers which break this simplicity.

I also though about this issue and I think it'd be better to add a separate
directive/parameter which would explicitly inherit all headers from the outer
scope.

    server {
        proxy_set_header Host "notserverthost.co";

        location / {
            ...
            proxy_set_header inherit; # explicitly inherit from above

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

[..]

--
Roman Arutyunyan