github_mirrors/attachment
3
0
Fork 1
mirror of https://github.com/openappsec/attachment.git synced 2025-11-21 03:16:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix response body

Browse Source
This commit is contained in:
wiaamm
2025-11-19 11:51:22 +02:00
parent b1d974cea2
commit 6e5c61b954
3 changed files with 61 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
attachments/kong/plugins/open-appsec-waf-kong-plugin/handler.lua
View File

@@ -157,13 +157,10 @@ function NanoHandler.header_filter(conf)
local status_code = kong.response.get_status()
local content_length = tonumber(headers["content-length"]) or 0
-- For responses that will be streamed in chunks via body_filter, pass 0 content_length
-- to prevent nano service from trying to read the entire body at once
local nano_content_length = 0
kong.log.debug("[header_filter] Session: ", session_id, " | Status: ", status_code, " | Content-Length: ", content_length)
kong.log.debug("[header_filter] Session: ", session_id, " | Status: ", status_code, " | Content-Length: ", content_length, " | Nano Content-Length: ", nano_content_length)
local verdict, response = nano.send_response_headers(session_id, session_data, header_data, status_code, nano_content_length)
-- Send response headers WITHOUT content_length (like nginx does)
local verdict, response = nano.send_response_headers(session_id, session_data, header_data, status_code, 0)
if verdict == nano.AttachmentVerdict.DROP then
kong.log.warn("[header_filter] Response headers verdict DROP for session: ", session_id)
kong.ctx.plugin.blocked = true
@@ -172,6 +169,16 @@ function NanoHandler.header_filter(conf)
return nano.handle_custom_response(session_data, response)
end
-- Send content_length separately (like nginx does)
verdict, response = nano.send_content_length(session_id, session_data, content_length)
if verdict == nano.AttachmentVerdict.DROP then
kong.log.warn("[header_filter] Content length verdict DROP for session: ", session_id)
kong.ctx.plugin.blocked = true
nano.fini_session(session_data)
nano.cleanup_all()
return nano.handle_custom_response(session_data, response)
end
ctx.expect_body = not (status_code == 204 or status_code == 304 or (100 <= status_code and status_code < 200) or content_length == 0)
kong.log.debug("[header_filter] Session: ", session_id, " | Expect body: ", ctx.expect_body)