Skip to content

fix: add UNSPECIFIED zero values to ConnectionSettings enums #3725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
istio-testing merged 1 commit into from
Jun 12, 2026
+78 −42
Merged

fix: add UNSPECIFIED zero values to ConnectionSettings enums #3725

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions mesh/v1alpha1/istio.mesh.v1alpha1.pb.html
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

82 changes: 47 additions & 35 deletions mesh/v1alpha1/proxy.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

22 changes: 15 additions & 7 deletions mesh/v1alpha1/proxy.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -884,15 +884,19 @@ message ProxyConfig {

// Action to take when Envoy receives client request with header names containing underscore characters.
enum HeadersWithUnderscoresAction {
// Unspecified. When profile is EDGE, defaults to HEADERS_WITH_UNDERSCORES_REJECT_REQUEST.
// Otherwise defaults to HEADERS_WITH_UNDERSCORES_ALLOW.
HEADERS_WITH_UNDERSCORES_UNSPECIFIED = 0;

// Allow headers with underscores.
HEADERS_WITH_UNDERSCORES_ALLOW = 0;
HEADERS_WITH_UNDERSCORES_ALLOW = 1;

// Reject client request with 400 status. HTTP/1 requests are rejected with the "underscore_in_headers" response code.
HEADERS_WITH_UNDERSCORES_REJECT_REQUEST = 1;
HEADERS_WITH_UNDERSCORES_REJECT_REQUEST = 2;

// Drop the header with name containing underscores. The header is dropped before the filter chain is invoked
// and as such filters will not see the header.
HEADERS_WITH_UNDERSCORES_DROP_HEADER = 2;
HEADERS_WITH_UNDERSCORES_DROP_HEADER = 3;
}

// Action to take when a client request contains header names with underscore characters.
Expand All @@ -907,18 +911,22 @@ message ProxyConfig {

// Determines the action for request paths that contain escaped slashes (%2F, %2f, %5C, %5c).
enum PathWithEscapedSlashesAction {
// Unspecified. When profile is EDGE, defaults to UNESCAPE_AND_REDIRECT.
// Otherwise defaults to KEEP_UNCHANGED.
PATH_WITH_ESCAPED_SLASHES_UNSPECIFIED = 0;

// Keep escaped slashes as they are.
KEEP_UNCHANGED = 0;
KEEP_UNCHANGED = 1;

// Reject client request with 400 status.
REJECT_REQUEST = 1;
REJECT_REQUEST = 2;

// Unescape %2F and %5C sequences and redirect the request to the new path if the result path is different.
UNESCAPE_AND_REDIRECT = 2;
UNESCAPE_AND_REDIRECT = 3;

// Unescape %2F and %5C sequences and forward the request. Note that this option may introduce path confusion
// vulnerabilities if the backend service does not expect unescaped slashes.
UNESCAPE_AND_FORWARD = 3;
UNESCAPE_AND_FORWARD = 4;
}

// Action to take when a request path contains escaped slash sequences (%2F, %5C).
Expand Down