Skip to content

fix: dont forward content-* headers from client and subgraphs#2481

Merged
StarpTech merged 3 commits intomainfrom
dustin/eng-8846-dont-forward-content-headers-to-upstream-services-when-using
Feb 3, 2026
Merged

fix: dont forward content-* headers from client and subgraphs#2481
StarpTech merged 3 commits intomainfrom
dustin/eng-8846-dont-forward-content-headers-to-upstream-services-when-using

Conversation

@StarpTech
Copy link
Copy Markdown
Contributor

@StarpTech StarpTech commented Jan 31, 2026
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

Release Notes

  • Tests

    • Added validation tests for header propagation behavior with cache control rules.
    • Added verification tests for header forwarding with explicit and regex-based ignore patterns.

  • Bug Fixes

    • Enhanced header suppression to prevent Content-Encoding and Content-Length headers from being propagated to upstream services.

✏️ Tip: You can customize this high-level summary in your review settings.

Checklist

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Jan 31, 2026
edited
Loading

Walkthrough

The PR adds test coverage for header propagation and filtering behavior across client and subgraph communication, and expands the router's ignored headers list to include Content-Encoding and Content-Length headers.

Changes

Cohort / File(s) Summary
Header Propagation Tests
router-tests/header_propagation_test.go, router-tests/headers_test.go		 Added subtests validating that headers marked as ignored (explicit and regex-based) are not propagated to clients, while non-ignored headers are forwarded. Tests cover both subgraph response headers and client-supplied headers.
Header Rule Engine
router/core/header_rule_engine.go		 Expanded the ignoredHeaders list to include Content-Encoding and Content-Length headers. Reordered import statement for graphql_datasource without functional impact.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 2 | ❌ 1
❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: preventing Content-* headers from being forwarded from clients and subgraphs, which is confirmed by the test additions and header_rule_engine.go modifications.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jan 31, 2026
edited
Loading

Router-nonroot image scan passed

✅ No security vulnerabilities found in image:

ghcr.io/wundergraph/cosmo/router:sha-b80cc8fbb3747f81fc2f165c3775dae7a1769532-nonroot

@codecov
Copy link
Copy Markdown

codecov Bot commented Jan 31, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 61.60%. Comparing base (f3166dc) to head (5250dd9).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2481      +/-   ##
==========================================
+ Coverage   61.54%   61.60%   +0.05%     
==========================================
  Files         229      229              
  Lines       23883    23860      -23     
==========================================
  Hits        14698    14698              
+ Misses       7945     7923      -22     
+ Partials     1240     1239       -1
Files with missing lines Coverage Δ
router/core/header_rule_engine.go 89.28% <ø> (+0.51%) ⬆️

... and 3 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@StarpTech StarpTech merged commit 810344a into main Feb 3, 2026
30 checks passed
@StarpTech StarpTech deleted the dustin/eng-8846-dont-forward-content-headers-to-upstream-services-when-using branch February 3, 2026 11:25
@coderabbitai coderabbitai Bot mentioned this pull request Feb 5, 2026
Merged
5 tasks
maxbol pushed a commit to maxbol/cosmo that referenced this pull request Feb 12, 2026
@StarpTech @maxbol
fix: dont forward content-* headers from client and subgraphs (wunder…
44dad70 
…graph#2481)
This was referenced Feb 18, 2026
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Noroth Noroth Noroth approved these changes

@devsergiy devsergiy Awaiting requested review from devsergiy devsergiy is a code owner

@jensneuse jensneuse Awaiting requested review from jensneuse jensneuse is a code owner

@endigma endigma Awaiting requested review from endigma endigma is a code owner

@wilsonrivera wilsonrivera Awaiting requested review from wilsonrivera wilsonrivera is a code owner automatically assigned from wundergraph/cosmo

@thisisnithin thisisnithin Awaiting requested review from thisisnithin thisisnithin is a code owner automatically assigned from wundergraph/cosmo

Assignees

No one assigned

Labels

router

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@StarpTech @Noroth