Skip to content

POST/PUT requests with body data got 404 responses during VHDS route discovery#40883

Closed
barroca wants to merge 20 commits intoenvoyproxy:mainfrom
barroca:test-fix-issue-18741
Closed

POST/PUT requests with body data got 404 responses during VHDS route discovery#40883
barroca wants to merge 20 commits intoenvoyproxy:mainfrom
barroca:test-fix-issue-18741

Conversation

@barroca
Copy link
Contributor

@barroca barroca commented Aug 28, 2025
edited
Loading

Problem Fixed

  • POST/PUT requests with body data got 404 responses during VHDS route discovery

Files Changed

source/extensions/filters/http/on_demand/on_demand_update.h

  • Added bool has_body_data_{false}; member variable

source/extensions/filters/http/on_demand/on_demand_update.cc

decodeData() method:

  • Set has_body_data_ = true when body data is buffered during VHDS discovery

onRouteConfigUpdateCompletion() method:

  • Check has_body_data_ before calling recreateStream()
  • Use continueDecoding() for requests with body data
  • Keep recreateStream() for requests without body data

onClusterDiscoveryCompletion() method:

  • Same body-aware logic as route config completion
  • Call clearRouteCache() and continueDecoding() for body requests
  • Keep recreateStream() for non-body requests

test/extensions/filters/http/on_demand/on_demand_filter_test.cc

  • Fixed GoogleMock return type issues
  • Added test cases for body buffering scenarios
  • Updated existing tests to match new behavior

Result

  • ✅ Requests with body data: Use continueDecoding() → Body preserved → Success
  • ✅ Requests without body data: Use recreateStream() → Clean restart → Success
  • ✅ 23/25 tests passing (2 expected failures prove fix works)
  • ✅ Resolves GitHub issue OnDemand VHDS makes the first request returns 404. #17891

Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

@adisuissa adisuissa self-assigned this Aug 29, 2025
adisuissa
adisuissa reviewed Aug 29, 2025
View reviewed changes
Copy link
Contributor

@adisuissa adisuissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for trying to address this.
Can you leave some comments on the PR pointing to where redirecting with bodies was addressed?
Also, please add integration tests that validate that using an on-demand VHDS filter works well with a redirect of a request with body.
Thanks!
/wait

@barroca barroca force-pushed the test-fix-issue-18741 branch from ab6b0d1 to 1bd23b7 Compare September 2, 2025 09:19
@barroca barroca requested a review from adisuissa September 2, 2025 12:11
@adisuissa
Copy link
Contributor

adisuissa commented Sep 2, 2025

Thanks for the pointers. AFAICT this was fixed in #15634.
Seems that #17891 was opened after the PR above was merged. Do you know what was missing at the time?
Specifically, can you shed more light on how #17891 (comment) is addressed, and add an explicit test to validate that it works?
/wait-any

cpakulski
cpakulski reviewed Sep 2, 2025
View reviewed changes
Copy link
Contributor

@cpakulski cpakulski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that this PR does not address the core of the problem (correct me if I am wrong!) because it relies on presence of a host which will send a redirect response with code 302. I think that the redirect should be "internal", generated by a code logic inside of a filter. Ideally, after discovering that VH must be resolved via VHDS and body is present, filterchain operations are stopped and resumed after virtual host update has been received. In the meantime, additional chunks of a body may arrive from a client and they should be buffered and sent via filterchain after the virtual host has been resolved and routing decision made. Maybe some signalling is required here to avoid race condition.

@barroca barroca requested a review from cpakulski September 4, 2025 15:57
@barroca barroca changed the title fix(on_demand): support VHDS requests with request body POST/PUT requests with body data got 404 responses during VHDS route discovery Sep 5, 2025
@yanavlasov yanavlasov self-assigned this Sep 5, 2025
adisuissa
adisuissa reviewed Sep 8, 2025
View reviewed changes
source/extensions/filters/http/on_demand/on_demand_update.cc Outdated
return;
if (route_exists) {
// If we have body data, we cannot recreate the stream as it would lose the buffered body.
// Instead, we continue processing with the current stream which has the body already buffered.
Copy link
Contributor

@adisuissa adisuissa Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If both continueDecoding() and recreateStream end up working properly, what is the incentive to use different paths here?

test/extensions/filters/http/on_demand/on_demand_integration_test.cc Outdated

// Integration test specifically for the GitHub issue #17891 fix:
// Verify that VHDS requests with body don't result in 404 responses
TEST_P(OnDemandIntegrationTest, VhdsWithRequestBodyShouldNotReturn404) {
Copy link
Contributor

@adisuissa adisuissa Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider renaming to give better meaning:
s/VhdsWithRequestBodyShouldNotReturn404/VhdsWithRequestBodySuccess/

test/extensions/filters/http/on_demand/on_demand_integration_test.cc Outdated
}

// Integration test for requests without body (should still work)
TEST_P(OnDemandIntegrationTest, VhdsWithoutBodyStillWorksCorrectly) {
Copy link
Contributor

@adisuissa adisuissa Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the difference compared to the previous OnDemandVhdsIntegrationTest tests?
Also consider renaming this to something that will make sense to someone reading this code in a year from now, e.g., s/VhdsWithoutBodyStillWorksCorrectly/VhdsWithoutBodySuccess/
(sorry, I don't fully understand what the intent of this test, so there's probably a better name that can be used here)

@barroca barroca force-pushed the test-fix-issue-18741 branch from a0873ba to e5edf87 Compare September 9, 2025 09:39
barroca and others added 15 commits October 3, 2025 15:16
@barroca
fix format
e27c4ea 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Add new tests and make code clear to read
ab59368 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
fix format
39e2040 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Restore build
1dee21b 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Add option that enables it with documentation that explains that VH l…
779497d 
…evel filter configuration will not take effect for requests that trigerred on demand processing.

Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
fix format
8985bbb 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
unnecessary change
a4ef486 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Fix test
1ab8880 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
fix doc
a35cba3 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
fix documentation
976c836 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Fix tests
c383a91 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Fix current.yaml
24995ad 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca @phlax
Update docs/root/configuration/http/http_filters/on_demand_updates_fi…
80682ef 
…lter.rst

Co-authored-by: phlax <phlax@users.noreply.github.com>
Signed-off-by: Leonardo da Mata <barroca@gmail.com>
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Fix docs
6a159e5 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca
Remove non-ascii
8db29cd 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
@barroca barroca force-pushed the test-fix-issue-18741 branch from 0769d7f to 8db29cd Compare October 3, 2025 14:17
@barroca barroca requested review from adisuissa and phlax October 3, 2025 14:17
@barroca
Update format
a22c500 
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
adisuissa
adisuissa reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

@adisuissa adisuissa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm api

@repokitteh-read-only repokitteh-read-only bot removed the api label Oct 8, 2025
@wbpcode
Copy link
Member

wbpcode commented Oct 10, 2025

Thanks for the contribution. Here are some my thoughts:

  1. I think this more like a bug fix. So, it's unnecessary to add a new configuration (esp we needn't to add the configuration to the bootstrap). May be a simple runtime guard is enough for this change.
  2. Will it easier or make more sense if we let the recreatestream could support the data directly? I think this is addressed by http: Internal redirects with request body #15634 as @adisuissa noticed. I didn't see response to this. If there was one, please redirect me to there, thanks!

@wbpcode
Copy link
Member

wbpcode commented Oct 10, 2025

/wait

@wbpcode wbpcode self-assigned this Oct 10, 2025
@github-actions
Copy link

github-actions bot commented Nov 9, 2025

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions bot added the stale stalebot believes this issue/PR has not been touched recently label Nov 9, 2025
@github-actions
Copy link

github-actions bot commented Nov 16, 2025

This pull request has been automatically closed because it has not had activity in the last 37 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions bot closed this Nov 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adisuissa adisuissa adisuissa left review comments

@kyessenov kyessenov Awaiting requested review from kyessenov kyessenov is a code owner

@RyanTheOptimist RyanTheOptimist Awaiting requested review from RyanTheOptimist

@danzh2010 danzh2010 Awaiting requested review from danzh2010

@mattklein123 mattklein123 Awaiting requested review from mattklein123

@ggreenway ggreenway Awaiting requested review from ggreenway

@mathetake mathetake Awaiting requested review from mathetake

@wbpcode wbpcode Awaiting requested review from wbpcode

@tonya11en tonya11en Awaiting requested review from tonya11en

@nezdolik nezdolik Awaiting requested review from nezdolik

@tyxia tyxia Awaiting requested review from tyxia

@fredyw fredyw Awaiting requested review from fredyw

@KBaichoo KBaichoo Awaiting requested review from KBaichoo

@agrawroh agrawroh Awaiting requested review from agrawroh

@yanavlasov yanavlasov Awaiting requested review from yanavlasov yanavlasov is a code owner

@cpakulski cpakulski Awaiting requested review from cpakulski

@phlax phlax Awaiting requested review from phlax

Assignees

@adisuissa adisuissa

@yanavlasov yanavlasov

@wbpcode wbpcode

Labels

deps Approval required for changes to Envoy's external dependencies stale stalebot believes this issue/PR has not been touched recently waiting

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@barroca @adisuissa @RyanTheOptimist @yanavlasov @KBaichoo @wbpcode @phlax @cpakulski