Skip to content

[feat] Add httpLookupAuthAllowRedirect option to forward auth credentials on HTTP lookup redirects#588

Merged
wolfstudy merged 1 commit into
apache:mainfrom
geniusjoe:dev/http-lookup-redirect-auth
Jun 25, 2026
Merged

[feat] Add httpLookupAuthAllowRedirect option to forward auth credentials on HTTP lookup redirects#588
wolfstudy merged 1 commit into
apache:mainfrom
geniusjoe:dev/http-lookup-redirect-auth

Conversation

@geniusjoe

@geniusjoe geniusjoe commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Master Issue: #313

Motivation

When using HTTP-based lookup service with authentication enabled, the broker may respond with an HTTP redirect (3xx) to the correct owner broker if the initial broker is not the owner of the requested topic. However, by default, libcurl strips the Authorization header on cross-origin redirects for security reasons. This causes the redirected request to fail with a 401 Unauthorized error on the target broker.

This PR introduces a new client configuration option httpLookupAuthAllowRedirect to allow forwarding authentication credentials when following HTTP lookup redirects.

Modifications

  • Added setHttpLookupAuthAllowRedirect / isHttpLookupAuthAllowRedirect methods to ClientConfiguration (C++ and C API).
  • Added httpLookupAuthAllowRedirect field to ClientConfigurationImpl.
  • Added authAllowRedirect option to CurlWrapper::Options, which sets CURLOPT_UNRESTRICTED_AUTH when enabled.
  • Propagated the configuration from ClientConfiguration through HTTPLookupService to CurlWrapper during HTTP lookup requests.
  • Added unit tests for both C and C++ APIs.

Verifying this change

  • Make sure that the change passes the CI checks.

This change is already covered by existing tests, such as:

  • Added unit tests in tests/c/c_ClientConfigurationTest.cc to verify the C API getter/setter for httpLookupAuthAllowRedirect (default value, set to true, set back to false).

Documentation

  • doc-not-needed
    (The new configuration option is self-documented via its API doc comments in ClientConfiguration.h. No external documentation update is required.)

Workflow test

geniusjoe#1

@geniusjoe geniusjoe closed this Jun 17, 2026
@geniusjoe geniusjoe reopened this Jun 17, 2026
@geniusjoe geniusjoe force-pushed the dev/http-lookup-redirect-auth branch from dd89854 to 4cce2aa Compare June 25, 2026 03:08
@geniusjoe

geniusjoe commented Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

@BewareMyPower
Hello, do you have time to help review this PR? Thank you very much.

@hanmz

hanmz commented Jun 25, 2026

Copy link
Copy Markdown

/pulsarbot rerun-failure-checks

@hanmz hanmz requested a review from wolfstudy June 25, 2026 07:41
@wolfstudy wolfstudy added the enhancement New feature or request label Jun 25, 2026
wolfstudy
wolfstudy approved these changes Jun 25, 2026
View reviewed changes

@wolfstudy wolfstudy left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good jobs, LGTM +1

@wolfstudy wolfstudy merged commit 55e885c into apache:main Jun 25, 2026
22 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wolfstudy wolfstudy wolfstudy approved these changes
@rdhabalia rdhabalia Awaiting requested review from rdhabalia
@hanmz hanmz Awaiting requested review from hanmz
@BewareMyPower BewareMyPower Awaiting requested review from BewareMyPower
@shibd shibd Awaiting requested review from shibd

Assignees

@geniusjoe geniusjoe

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@geniusjoe @hanmz @wolfstudy