-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow for proxy provided nonce
in chttpd
#4993
Labels
Comments
good idea, but let's protect ourselves from client input. rejecting an x-couch-request-id that's above a certain length, say. |
+1 to check the length and maybe also ensure it has only alphanumeric characters, no escapes, slashes, semicolons, etc. |
agreed on those extra checks, nick. |
and a 400 bad request if those checks aren't met, rather than silently ignoring the header or stripping it of invalid chars, etc. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Summary
As mentioned in #4990, when using a load balancer or proxy in front of CouchDB, the proxy will not receive the chosen
nonce
value from CouchDB until the response headers are sent, which, in the event of long running_find
queries that return no data, can be a considerable amount of time longer than typical proxy timeouts.The result is that the Mango reports are logged with the
nonce
value but the proxy timed out the request before getting any response headers so it was never able to retrieve thenonce
for logging and connecting the proxy logs with the mango report. This is exacerbated bychttpd:maybe_log
typically being set to false when using a proxy alongside a CouchDB cluster.I was going to suggest modifying
chttpd:maybe_log
to be configurable based on error types, but @rnewson had a much simpler suggestion of allowing the proxy to provide thenonce
, thereby establishing the connection from the get go.I suggest we stick with the existing naming and allow for a request header named
X-Couch-Request-ID
, following https://github.com/apache/couchdb/blob/main/src/chttpd/src/chttpd.erl#L1368.Desired Behaviour
A frontend proxy load balancer to a CouchDB cluster may supply an
X-Couch-Request-ID
to utilize as thenonce
value instead of randomly generating one here: https://github.com/apache/couchdb/blob/main/src/chttpd/src/chttpd.erl#L297-L317Possible Solution
Additional context
#4990
The text was updated successfully, but these errors were encountered: