Comments (5)
@lann I suspect this is where the problem is:
spin/crates/trigger-http/src/lib.rs
Lines 493 to 495 in 7f55409
from spin.
I'm not sure where this behavior is coming from but in general it should be fine to include a default port number in an http host header.
If you manually set the host header on the request with just the hostname does it get replaced?
from spin.
If I force my own host header value with `.header("Host", "seungjin.s3.amazonaws.com")`, I get the following message from Amazon. It is not overwriting but sending a duplicated host header value:
<?xml version="1.0" encoding="UTF-8"?><Error><Code>DuplicateHeaderName</Code><Message>Your request contains duplicate headers.</Message>
from spin.
Okay. In this case, I am signing its request with the Host header value. Having a port or not is a BIG difference. The HTTP spec says it is okay to have it but also okay not to have it. But that's probably an old standard nobody needed to think about when signing a request with the hostname.
I sign the request with just the hostname (without the port), but AWS is using its host with the port because that's what AWS is getting. So the verification never happens. (Spin ships with a port, but curl and my Rust code with reqwest do not ship it.) To solve this for now (temporarily...), I also signed with the port number (forcefully adding {host}:{port}) and sent it to AWS. Of course, verification passed, and my image was up online with the trick.
The AWS API is a simpler case because my target is only one (AWS). But when I deal with Mastodon, it is not that simple. Some webservers (proxy, nginx, caddy, apache...) pass the port, and some don't. That's a configuration matter.
Anyway, I found a way I can work around it, but I don't think it is a permanent solution. Based on my search, Go/Java SDK developers have encountered similar cases.
I will get back and bash later when this issue becomes more critical. :-) Please don't close it until we clearly know what's going on. :-)
from spin.
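The mismatch described in the comment above, as an added example that is not code from the thread or from Spin: a SigV4-style signature computed over `host`, `x-amz-content-sha256` and `x-amz-date`, checked by a model verifier that recomputes it from the Host value it received. The secret, path, date and region are constructed sample values, and `wire_host` and `server_accepts` are hypothetical helper names.

```python
import hashlib
import hmac

SECRET = "constructed-secret-key"   # constructed sample, not a real credential
HOST = "seungjin.s3.amazonaws.com"  # bucket host quoted in the thread

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_signature(host_header, secret=SECRET, method="PUT", path="/image.png",
                    amz_date="20240101T000000Z", region="us-east-1", service="s3"):
    """Hex SigV4 signature; the Host value is part of the signed canonical request."""
    payload_hash = "UNSIGNED-PAYLOAD"
    canonical_headers = (f"host:{host_header.strip().lower()}\n"
                         f"x-amz-content-sha256:{payload_hash}\n"
                         f"x-amz-date:{amz_date}\n")
    signed_headers = "host;x-amz-content-sha256;x-amz-date"
    # method, URI, (empty) query string, headers, signed header list, payload hash
    canonical_request = "\n".join(
        [method, path, "", canonical_headers, signed_headers, payload_hash])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join(
        ["AWS4-HMAC-SHA256", amz_date, scope,
         hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)          # derive the scoped signing key
    return hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()

def wire_host(host, port, scheme="https", keep_default_port=False):
    """Host header as a client would send it; some clients keep the default port."""
    default = {"http": 80, "https": 443}[scheme]
    if port == default and not keep_default_port:
        return host
    return f"{host}:{port}"

def server_accepts(received_host, client_signature):
    """Model verifier: recompute from the Host header actually received."""
    return hmac.compare_digest(sigv4_signature(received_host), client_signature)

if __name__ == "__main__":
    sent = wire_host(HOST, 443, keep_default_port=True)    # host:443 on the wire
    print("signed without port:", server_accepts(sent, sigv4_signature(HOST)))
    print("signed with wire value:", server_accepts(sent, sigv4_signature(sent)))
```

Signing whatever Host value the HTTP client will actually put on the wire keeps the two sides in agreement; a verifier that sees requests through different proxies needs one agreed normalization for default ports.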
Thanks for the update.
> It is not overwriting but sending duplicated host header value:

This I think may be a bug, but will require some research to understand why it's happening and how best to fix it.
from spin.