[keycloak-user] keycloak-gatekeeper doing compression offloading without the instruction to do so
Malte Schmidt
m at maltris.org
Fri May 10 03:54:27 EDT 2019
Hello, I recently discovered strange behaviour of an application which
is being protected by gatekeeper when I noticed that the resources from
the application are being transmitted uncompressed.
Looks like that the "content-encoding: gzip" header gets missing and the
response to the client/reverse proxy happens uncompressed, after being
passed through gatekeeper.
I tried to search the documentation for gatekeeper and this behaviour,
but failed to find anything of use.
Ideas on how to pass already compressed data through gatekeeper or any
other opinions?
Normal communication from the client over the reverse proxy to the
application server:
Client to reverse proxy
GET /test.js HTTP/1.1
[...]
Accept-Encoding: deflate, gzip
Reverse proxy to application server
GET /test.js HTTP/1.1
[...]
Accept-Encoding: deflate, gzip
Answer from the application server over the reverse proxy to the client
HTTP/1.1 200 OK
[...]
vary: accept-encoding
content-encoding: gzip
keycloak-gatekeeper added to the chain, between the reverse proxy and
the upstream
Gatekeeper to its upstream
GET /test.js HTTP/1.1
[...]
Accept-Encoding: gzip
Upstream to gatekeeper
HTTP/1.1 200 OK
[...]
vary: accept-encoding
content-encoding: gzip
Gatekeeper to client
HTTP/1.1 200 OK
[...]
Vary: accept-encoding
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
Url : http://lists.jboss.org/pipermail/keycloak-user/attachments/20190510/4fc992d0/attachment.bin
More information about the keycloak-user
mailing list