Drop skipperOauthOidc cookies in oauthOidc filter #3465
Conversation
There was a problem hiding this comment.
Pull Request Overview
This pull request removes the skipperOauthOidc cookies from requests before they are forwarded to reduce header size. Key changes include:
- Adding a new test assertion to ensure the cookie is dropped.
- Modifying the request processing in the oidc filter to remove cookies with a name matching the skipperOauthOidc pattern.
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| filters/auth/oidc_test.go | Added assertion to verify that the skipperOauthOidc cookie is dropped. |
| filters/auth/oidc.go | Updated cookie processing to drop cookies with names starting with the skipperOauthOidc prefix. |
Comments suppressed due to low confidence (2)
filters/auth/oidc.go:795
- [nitpick] Consider aligning the cookie name reference (f.cookiename) with the naming used in tests (oauthOidcCookieName) to ensure consistency across the codebase.
if strings.HasPrefix(cookie.Name, f.cookiename) {
filters/auth/oidc_test.go:867
- Verify that the oauthOidcCookieName used in the test matches the cookie name pattern applied in the oidc filter for consistency.
assert.NotContains(t, string(requestDump), oauthOidcCookieName, oauthOidcCookieName+" cookie should be dropped")
|
@AndreasSko FYI, I am testing what Copilot review is capable of so I've requested a review from it. |
AndreasSko
force-pushed
the
del_oidc_cookie
branch
2 times, most recently
from
a284aec to
08560c3
Compare
AlexanderYastrebov
added
the
major
AndreasSko
force-pushed
the
del_oidc_cookie
branch
from
08560c3 to
93297d0
Compare
|
@AlexanderYastrebov thank you for the review! I adjusted the code 🙂 |
AndreasSko
force-pushed
the
del_oidc_cookie
branch
from
93297d0 to
8f591e8
Compare
|
This feels somehow related to #1965 |
AndreasSko
force-pushed
the
del_oidc_cookie
branch
from
8f591e8 to
4367943
Compare
Yeah, true. Would you like me to adjust anything in the test? |
|
👍 |
|
Thank you for improving Skipper. |
|
@AndreasSko Could you please squash and rebase on top of master and make proper commit message. PR description and title should match those of commit message - the reason is that we release each merge to master so commit message becomes release notes. |
The `skipperOauthOidc` cookies are only intended for Skipper, so they don't need to be forwarded to the application. With this PR we simply drop those cookies before forwarding the request. This will reduce the overall header size of requests. The implementation is inspired by the [`oauthGrant` filter](https://github.com/zalando/skipper/blob/6b448b1fe90cc113e365be8fba7cd6d122ad7a6d/filters/auth/grantcookie.go#L93-L100) Closes zalando#3459 Signed-off-by: Andreas Skorczyk <[email protected]>
AndreasSko
force-pushed
the
del_oidc_cookie
branch
from
4367943 to
8efd40f
Compare
|
Sure! Squashed and adjusted the commit message to match the PR description 🙂 |
|
👍 |
|
@AlexanderYastrebov @MustafaSaber any update on this one? We are very eager to use it soon 😁😊 |
|
👍 |
The
skipperOauthOidccookies are only intended for Skipper, so they don't need to be forwarded to the application.With this PR we simply drop those cookies before forwarding the request. This will reduce the overall header size of requests.
The implementation is inspired by the
oauthGrantfilterCloses #3459