Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bp/1.29] jwt: do not concatenate duplicated headers (#32248) #32365

Merged
merged 1 commit into from
Feb 13, 2024
Merged

[bp/1.29] jwt: do not concatenate duplicated headers (#32248) #32365

merged 1 commit into from
Feb 13, 2024

Conversation

jewertow
Copy link
Contributor

Duplicated headers should not be concatenated with a comma, because comma is not allowed in a JWT token, so concatenation invalidates tokens. This PR fixes #31468.

Risk Level:
Testing: unit tests
Docs Changes: none
Release Notes:
Platform Specific Features: none

@jewertow jewertow requested a review from lizan as a code owner February 13, 2024 13:41
@phlax phlax self-assigned this Feb 13, 2024
@phlax
Copy link
Member

phlax commented Feb 13, 2024

@jewertow you will need to rebase to the release branch (force pushing is fine on backports as we want to preserve the commit)

same for the other bp - thanks

@jewertow
jwt: do not concatenate duplicated headers (envoyproxy#32248)
486d5fa 
Duplicated headers should not be concatenated with a comma, because comma is not allowed in a JWT token, so concatenation invalidates tokens.
This PR fixes envoyproxy#31468.

Risk Level:
Testing: unit tests
Docs Changes: none
Release Notes:
Platform Specific Features: none

Signed-off-by: Jacek Ewertowski <jewertow@redhat.com>
@jewertow jewertow force-pushed the bp-1-29-jwt-do-not-concatenate-headers branch from 8b175d1 to 486d5fa Compare February 13, 2024 14:45
@jewertow
Copy link
Contributor Author

@phlax done

phlax
phlax approved these changes Feb 13, 2024
View reviewed changes
Copy link
Member

@phlax phlax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, thanks @jewertow

@phlax phlax enabled auto-merge (rebase) February 13, 2024 14:59
@phlax phlax merged commit 2c41cbb into envoyproxy:release/v1.29 Feb 13, 2024
41 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phlax phlax phlax approved these changes

@lizan lizan Awaiting requested review from lizan

Assignees

@phlax phlax

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jewertow @phlax