Comments (3)
Personally, I don't see the value of not passing the headers. There are lots of situations where you might want access to other standard headers, that don't have the prefix. I have used them for authentication and it's good to have access in situations where you can't change the incoming headers (like in the case of AWS lambdas, for example) and I like having access to them. What do you get from them being blocked? I'd accept a PR, if you want to add an option (with current behavior as default) to block headers that don't have a prefix.
in the official grpc-gateway
I think both of our projects don't really have a standard to follow, or have to work like the other. My gateway was created a bit after theirs, but is definitely it's own thing, and works totally different. For example, that one requires that you generate all the code up-front, whereas mine is on-the-fly, which has a small startup cost, but is easier to prototype with. Mine exposes express middleware. I think you'll find all kinds of things that differ like this, and that's ok.
from grpc-dynamic-gateway.
HTTP headers can be divided into two categories: end-to-end header and hop-to-hop header. 1 2 3. Hop-to-hop headers are meaningful only for a single transport-level connection. So generally proxies will not pass hop-to-hop headers, such as 4.
Why I encounter this problem:
My senario: webpack-dev-server ( node-http-proxy ) -> grpc-dynamic-gateway -> tonic grpc server. Node-http-proxy adds 'connection: close' to every request 5 , and grpc-dynamic-gateway forwards this header to tonic grpc server, and tonic grpc server rejects every request with 'connection: close' request header.
So I think not forwarding hop-to-htop headers, at least the most used 'connection', may be a good idea.
from grpc-dynamic-gateway.
So I think not forwarding hop-to-htop headers, at least the most used 'connection', may be a good idea.
Hmm. As I mentioned there are lots of use-cases where you might want other headers, or to not have to change the names. I like to keep things simple, so I'd rather not have a lookup table of end-to-end vs hop-to-hop headers to maintain, if I can help it. When I have used this tool in my own projects, I wanted it to be a very thin layer, so I could just inject it into another express-based app, and for the most part I think it accomplishes that goal. I'd put any special logic at the grpc level, instead of taking it on to the gateway. I'm still not convinced it's a good idea, but I'm not against it either. An issue I had with grpc-ecosystem/grpc-gateway is that I had to restructure my headers, which isn't always possible (like the lambda example I gave) or doing so would make things less standard (like Authorize
for JWT header.) That said, i'm open to PRs for config options to support more people's use-cases, as long as the basic behavior stays the same, and it doesn't add too much complication.
It seems like your use-case could be solved in several ways:
- PR for an additional config option, here. You could even incorporate a simple callback that returns true/false for a "good" header to pass (with a default of
header => true
) and then you could support the grpc-ecosystem/grpc-gateway style, or just pass all headers that are notconnection: close
or any other scheme, defined as a simple function in user-code, like using those tables from hapi you linked to. if it were me, I'd probly write it to useawait
, so I could even do (optional) async checks. I think it's like a 2 or 3 line change, and it wouldn't complicate other people's stuff or have any side-effects. - You could just use grpc-ecosystem/grpc-gateway it doesn't need to all be in node. Your server is in rust, anyway, so it might be fine to use go, too. If your grpc spec doesn't change too often, go is great at pre-compiling for a bunch of targets (for non-go people) so you could have a nice fast little gateway, tailor-made for your service.
- You could seek to PR node-http-proxy to not add
connection: close
to every request, or at least have the option to not do that. - You could seek to PR tonic to not ignore close requests. I'd have to do some testing to be sure, but I'm not sure that other grpc server-solutions do this. It's not part of the grpc spec.
For the last 2, there might even be a config option or something. I'm not sure, as I don't use these.
from grpc-dynamic-gateway.
Related Issues (20)
- Deprecation Warnings HOT 3
- Include variable in middleware has no default value
- include multiple import path? HOT 14
- An in-range update of release-it is breaking the build 🚨 HOT 2
- An in-range update of grpc is breaking the build 🚨 HOT 2
- Issue running grpc-dynamic-gateway HOT 7
- An in-range update of release-it is breaking the build 🚨 HOT 3
- No published Docker build HOT 4
- An in-range update of body-parser is breaking the build 🚨 HOT 1
- Error using package namespace in proto with . in it HOT 6
- An in-range update of yargs is breaking the build 🚨 HOT 2
- How to run custom logic before and after the gateway middleware HOT 1
- An in-range update of grpc is breaking the build 🚨 HOT 8
- 8 RESOURCE_EXHAUSTED: Received message larger than max HOT 8
- An in-range update of protocol-buffers-schema is breaking the build 🚨 HOT 1
- An in-range update of release-it is breaking the build 🚨 HOT 3
- Error: Unexpected token: "XXX.proto". Expected ";"
- better config options
- if package name has a dot. HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from grpc-dynamic-gateway.