Store headers in canonical form when converting from gRPC to HTTP #518
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When applications access the HTTP header via Get() on a http.Header struct, the key is canonicalized before accessing the map [1]. Therefore, if a header is stored in a not canonicalized form, the header is inaccessible. The Go http.Server converts header names to their canonicalized form when reading incoming HTTP requests to avoid the above issue, and make them effectively case-insensitive [2]. I ran into the above problem when debugging broken context propagation: OTEL reads the traceparent header with Get() on the http.Header struct [3,4]. If the traceparent header is all-lowercase in the gRPC header and is copied as-is to the http.Header, it effectively is inaccessible via the Get() function on http.Header. The w3c trace context spec mentions vendors must accept the traceparent header name in any case (upper, lower, mixed). [1] https://cs.opensource.google/go/go/+/refs/tags/go1.22.2:src/net/textproto/header.go;l=34 [2] https://cs.opensource.google/go/go/+/refs/tags/go1.22.2:src/net/textproto/reader.go;l=548 [3] https://github.com/open-telemetry/opentelemetry-go/blob/dbfc75817a8486891f5b9e461b8a746129533e37/propagation/trace_context.go#L81 [4] https://github.com/open-telemetry/opentelemetry-go/blob/dbfc75817a8486891f5b9e461b8a746129533e37/propagation/propagation.go#L63 Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
Signed-off-by: Andreas Gerstmayr <agerstmayr@redhat.com>
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does:
When applications access the HTTP header via Get() on a http.Header struct, the key is canonicalized before accessing the map [1]. Therefore, if a header is stored in a not canonicalized form, the header is inaccessible.
The Go http.Server converts header names to their canonicalized form when reading incoming HTTP requests to avoid the above issue, and make them effectively case-insensitive [2].
[1] https://cs.opensource.google/go/go/+/refs/tags/go1.22.2:src/net/textproto/header.go;l=34
[2] https://cs.opensource.google/go/go/+/refs/tags/go1.22.2:src/net/textproto/reader.go;l=548
Which issue(s) this PR fixes:
I ran into the above problem when debugging broken context propagation: OTEL reads the traceparent header with Get() on the http.Header struct [3,4]. If the traceparent header is all-lowercase in the gRPC header and is copied as-is to the http.Header, it effectively is inaccessible via the Get() function on http.Header.
The w3c trace context spec mentions vendors must accept the traceparent header name in any case (upper, lower, mixed).
[3] https://github.com/open-telemetry/opentelemetry-go/blob/dbfc75817a8486891f5b9e461b8a746129533e37/propagation/trace_context.go#L81
[4] https://github.com/open-telemetry/opentelemetry-go/blob/dbfc75817a8486891f5b9e461b8a746129533e37/propagation/propagation.go#L63
Checklist
CHANGELOG.mdupdated - the order of entries should be[CHANGE],[FEATURE],[ENHANCEMENT],[BUGFIX]