runtime: deprecating sanitize_http2_headers_without_nghttp2 (envoypro…

…xy#38123) Risk Level: low Testing: n/a Docs Changes: n/a Release Notes: yes Fixes envoyproxy#38052 Signed-off-by: Alyssa Wilk <[email protected]>
makesoftwaresafe · Jan 22, 2025 · 0ee6aa5 · 0ee6aa5
1 parent 38e7ce2
commit 0ee6aa5
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 19 deletions.
diff --git a/changelogs/current.yaml b/changelogs/current.yaml
@@ -25,6 +25,9 @@ bug_fixes:
 
 removed_config_or_runtime:
 # *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
+- area: http
+  change: |
+    Removed runtime guard ``envoy.reloadable_features.sanitize_http2_headers_without_nghttp2`` and legacy code paths.
 - area: access_log
   change: |
     Removed runtime guard ``envoy.reloadable_features.upstream_remote_address_use_connection`` and legacy code paths.

diff --git a/source/common/http/header_utility.cc b/source/common/http/header_utility.cc
@@ -131,14 +131,6 @@ bool HeaderUtility::headerValueIsValid(const absl::string_view header_value) {
 
 bool HeaderUtility::headerNameIsValid(absl::string_view header_key) {
   if (!header_key.empty() && header_key[0] == ':') {
-#ifdef ENVOY_NGHTTP2
-    if (!Runtime::runtimeFeatureEnabled(
-            "envoy.reloadable_features.sanitize_http2_headers_without_nghttp2")) {
-      // For HTTP/2 pseudo header, use the HTTP/2 semantics for checking validity
-      return nghttp2_check_header_name(reinterpret_cast<const uint8_t*>(header_key.data()),
-                                       header_key.size()) != 0;
-    }
-#endif
     header_key.remove_prefix(1);
     if (header_key.empty()) {
       return false;

diff --git a/source/common/runtime/runtime_features.cc b/source/common/runtime/runtime_features.cc
@@ -88,7 +88,6 @@ RUNTIME_GUARD(envoy_reloadable_features_quic_upstream_reads_fixed_number_packets
 RUNTIME_GUARD(envoy_reloadable_features_quic_upstream_socket_use_address_cache_for_read);
 RUNTIME_GUARD(envoy_reloadable_features_reject_invalid_yaml);
 RUNTIME_GUARD(envoy_reloadable_features_report_stream_reset_error_code);
-RUNTIME_GUARD(envoy_reloadable_features_sanitize_http2_headers_without_nghttp2);
 RUNTIME_GUARD(envoy_reloadable_features_sanitize_sni_in_access_log);
 RUNTIME_GUARD(envoy_reloadable_features_shadow_policy_inherit_trace_sampling);
 RUNTIME_GUARD(envoy_reloadable_features_skip_dns_lookup_for_proxied_requests);

diff --git a/test/common/http/header_utility_test.cc b/test/common/http/header_utility_test.cc
@@ -1146,7 +1146,7 @@ TEST(HeaderAddTest, HeaderAdd) {
   });
 }
 
-void headerNameIsValid() {
+TEST(HeaderIsValidTest, HeaderNameIsValid) {
   // Isn't valid but passes legacy checks.
   EXPECT_FALSE(HeaderUtility::headerNameIsValid(":"));
   EXPECT_FALSE(HeaderUtility::headerNameIsValid("::"));
@@ -1159,15 +1159,6 @@ void headerNameIsValid() {
   EXPECT_TRUE(HeaderUtility::headerNameIsValid(":asd"));
 }
 
-TEST(HeaderIsValidTest, HeaderNameIsValid) { headerNameIsValid(); }
-
-TEST(HeaderIsValidTest, HeaderNameIsValidLegacy) {
-  TestScopedRuntime scoped_runtime;
-  scoped_runtime.mergeValues(
-      {{"envoy.reloadable_features.sanitize_http2_headers_without_nghttp2", "false"}});
-  headerNameIsValid();
-}
-
 TEST(HeaderIsValidTest, HeaderNameContainsUnderscore) {
   EXPECT_FALSE(HeaderUtility::headerNameContainsUnderscore("cookie"));
   EXPECT_FALSE(HeaderUtility::headerNameContainsUnderscore("x-something"));