
Disable potentially info-leaking headers #231

Merged
olix0r merged 2 commits into master from ver/elide-headers on Apr 2, 2019

Conversation

olix0r (Member) commented Apr 1, 2019

The proxy has been instrumented to expose various informational l5d-
headers to expose identity and network information that would otherwise
be inaccessible to the application.

However, as described in linkerd/linkerd2#2597, when linkerd is injected
into an ingress pod, it's easy to accidentally leak these details to
external applications.

Until we have a better mechanism for flagging external-facing pods,
these headers should be disabled.

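An added check, not part of this pull request or of Linkerd's own code, that a defender can run against an external-facing endpoint (or over a captured HTTP message) to confirm that no informational `l5d-*` headers reach clients after this change. The header names in the embedded sample are constructed for illustration, not taken from the proxy.

```python
"""Flag informational l5d-* headers that should never leave the mesh, e.g. through
an ingress pod whose injected proxy still adds them."""
import sys
import urllib.request
from typing import Iterable, List, Tuple

# Prefix of the proxy's informational headers discussed in the PR.
LEAKY_PREFIX = "l5d-"


def find_leaked_headers(headers: Iterable[Tuple[str, str]],
                        prefix: str = LEAKY_PREFIX) -> List[Tuple[str, str]]:
    """Return (name, value) pairs whose name starts with `prefix`, ignoring case.
    Works on any (name, value) iterable, e.g. HTTPResponse.getheaders()."""
    return [(n, v) for n, v in headers if n.lower().startswith(prefix)]


def parse_raw_message(raw: bytes) -> List[Tuple[str, str]]:
    """Split the header block of a raw HTTP/1.1 request or response into pairs.
    The first line (status or request line) is dropped; the body is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        if ":" not in line:
            continue  # malformed or continuation line; not a header we can name
        name, value = line.split(":", 1)
        pairs.append((name.strip(), value.strip()))
    return pairs


def audit_url(url: str, timeout: float = 5.0) -> List[Tuple[str, str]]:
    """Fetch `url` as a plain external client and report any l5d-* response headers."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return find_leaked_headers(resp.getheaders())


# Constructed sample: a response as an external client might see it from an ingress
# that forwards proxy headers unchanged (header names are illustrative only).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"L5d-Remote-Ip: 10.0.0.7\r\n"
    b"l5d-client-id: web.default.serviceaccount.identity.linkerd.cluster.local\r\n"
    b"X-Request-Id: abc123\r\n"
    b"\r\nhello"
)

if __name__ == "__main__":
    # With a URL argument, probe it live; otherwise audit the constructed sample.
    leaked = (audit_url(sys.argv[1]) if len(sys.argv) > 1
              else find_leaked_headers(parse_raw_message(SAMPLE_RESPONSE)))
    for name, value in leaked:
        print(f"leaked: {name}: {value}")
    sys.exit(1 if leaked else 0)
```

The exit status makes the script usable as a gate in a deploy check: non-zero means the endpoint still exposes proxy headers.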
olix0r self-assigned this Apr 1, 2019
hawkw (Contributor) commented Apr 2, 2019

FWIW, I do recall having a conversation on Linkerd slack with at least one user who was (at least planning on) using the remote-ip header, so this should probably be noted as a breaking change.

olix0r merged commit f2d907b into master Apr 2, 2019
olix0r deleted the ver/elide-headers branch April 2, 2019 02:27
kleimkuhler (Contributor) commented

@olix0r Do we want to pull this in for the edge?

hawkw added a commit that referenced this pull request Apr 2, 2019
These were previously disabled on master, but re-enabled when support
for identity was added to the test support code. PR #231 also broke
these tests, but didn't add an ignore attribute because they were already
disabled when that branch was forked.

Signed-off-by: Eliza Weisman <[email protected]>