fix: return a more-complete 304 from TransformingTransport.RoundTrip #472
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
to address the segfault we're seeing in production. The necessary conditions for the issue are: 1. The 303 must return a location URI that changes every time, so that the real location of the image is never cached. As an example, if the remove service redirects to S3, the presence of the `X-Amz-Security-Token` accomplishes this. 2. The image responses must match by Etag, so that imageProxy.should304() returns true causing TranformingTransport.RoundTrip() to return a bare 304 response. If those conditions are met, then the bare 304 Response returned will be used and read by one of the callers. Specifically, the lack of a Body causes a segfault. So let's make it more like a real Response and use http.NoBody so when it's used it doesn't cause things to explode.
Owner
|
I knew the recursive transforming transport was a little bonkers when I first wrote it... I keep meaning to revisit that, or at the very least document how it works. This diagram is simultaneously amazing and terrifying... thanks for sharing this! Walking through the test cases now, but this fix looks pretty straightforward. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #472 +/- ##
===========================================
- Coverage 85.21% 59.75% -25.47%
===========================================
Files 6 12 +6
Lines 717 1200 +483
===========================================
+ Hits 611 717 +106
- Misses 76 451 +375
- Partials 30 32 +2 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
willnorris
approved these changes
Jun 6, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Return a more-complete 304 from TransformingTransport.RoundTrip to address a segfault we're seeing in production. The necessary conditions for the issue are:
A remote service returning a 303 response which must contain a location URI that changes every time, so that the real location of the image is never cached. As an example, if the remove service redirects to S3, the presence of the
X-Amz-Security-Tokenaccomplishes this.The image responses must match by Etag, so that imageProxy.should304() returns true causing TranformingTransport.RoundTrip() to return a bare 304 response.
If those conditions are met, then the bare 304 Response returned will be used and read by one of the callers. Specifically, the lack of a Body causes a segfault.
So let's make it more like a real Response and use http.NoBody so when it's used it doesn't cause things to explode.
This issue involves a complex set of interactions between objects, which I tried to illustrate in a flow diagram here.
This diagram may not actually be helpful to readers, and for that I'm sorry -- but constructing it was very helpful to me to understand the preconditions and the fix (which is relatively simple).