/proc/self/cwd/source/common/http/headers.h

Source (jump to first uncovered line)
#pragma once

#include <string>

#include "envoy/http/header_map.h"

#include "source/common/singleton/const_singleton.h"
#include "source/common/singleton/threadsafe_singleton.h"

namespace Envoy {
namespace Http {

// This class allows early override of the x-envoy prefix from bootstrap config,
// so that servers can configure their own x-custom-string prefix.
//
// Once the HeaderValues const singleton has been created, changing the prefix
// is disallowed. Essentially this is write-once then read-only.
class PrefixValue {
public:
  const char* prefix() {
    absl::WriterMutexLock lock(&m_);
    read_ = true;
    return prefix_.c_str();
  }

  // The char* prefix is used directly, so must be available for the interval where prefix() may be
  // called.
  void setPrefix(const char* prefix) {
    absl::WriterMutexLock lock(&m_);
    // The check for unchanged string is purely for integration tests - this
    // should not happen in production.
    RELEASE_ASSERT(!read_ || prefix_ == std::string(prefix),
                   "Attempting to change the header prefix after it has been used!");
    if (!read_) {
      prefix_ = prefix;
    }
  }

private:
  absl::Mutex m_;
  bool read_ = false;
  std::string prefix_ = "x-envoy";
};

/**
 * These are headers that are used in extension custom O(1) header registration. These headers
 * *must* not contain any prefix override headers, as static init order requires that HeaderValues
 * be instantiated for the first time after bootstrap is loaded and before the header maps are
 * finalized.
 */
class CustomHeaderValues {
public:
  const LowerCaseString Accept{"accept"};
  const LowerCaseString AcceptEncoding{"accept-encoding"};
  const LowerCaseString AccessControlRequestHeaders{"access-control-request-headers"};
  const LowerCaseString AccessControlRequestMethod{"access-control-request-method"};
  const LowerCaseString AccessControlAllowOrigin{"access-control-allow-origin"};
  const LowerCaseString AccessControlAllowHeaders{"access-control-allow-headers"};
  const LowerCaseString AccessControlAllowMethods{"access-control-allow-methods"};
  const LowerCaseString AccessControlExposeHeaders{"access-control-expose-headers"};
  const LowerCaseString AccessControlMaxAge{"access-control-max-age"};
  const LowerCaseString AccessControlAllowCredentials{"access-control-allow-credentials"};
  const LowerCaseString AccessControlRequestPrviateNetwork{
      "access-control-request-private-network"};
  const LowerCaseString AccessControlAllowPrviateNetwork{"access-control-allow-private-network"};
  const LowerCaseString Age{"age"};
  const LowerCaseString AltSvc{"alt-svc"};
  const LowerCaseString Authentication{"authentication"};
  const LowerCaseString Authorization{"authorization"};
  const LowerCaseString CacheControl{"cache-control"};
  const LowerCaseString CacheStatus{"cache-status"};
  const LowerCaseString CdnLoop{"cdn-loop"};
  const LowerCaseString ContentEncoding{"content-encoding"};
  const LowerCaseString ConnectAcceptEncoding{"connect-accept-encoding"};
  const LowerCaseString ConnectContentEncoding{"connect-content-encoding"};
  const LowerCaseString ConnectProtocolVersion{"connect-protocol-version"};
  const LowerCaseString ConnectTimeoutMs{"connect-timeout-ms"};
  const LowerCaseString Etag{"etag"};
  const LowerCaseString Expires{"expires"};
  const LowerCaseString GrpcAcceptEncoding{"grpc-accept-encoding"};
  const LowerCaseString GrpcEncoding{"grpc-encoding"};
  const LowerCaseString GrpcMessageType{"grpc-message-type"};
  const LowerCaseString GrpcTimeout{"grpc-timeout"};
  const LowerCaseString IfMatch{"if-match"};
  const LowerCaseString IfNoneMatch{"if-none-match"};
  const LowerCaseString IfModifiedSince{"if-modified-since"};
  const LowerCaseString IfUnmodifiedSince{"if-unmodified-since"};
  const LowerCaseString IfRange{"if-range"};
  const LowerCaseString LastModified{"last-modified"};
  const LowerCaseString Origin{"origin"};
  const LowerCaseString OtSpanContext{"x-ot-span-context"};
  const LowerCaseString Pragma{"pragma"};
  const LowerCaseString Referer{"referer"};
  const LowerCaseString Vary{"vary"};

  struct {
    const std::string Gzip{"gzip"};
    const std::string Identity{"identity"};
    const std::string Wildcard{"*"};
  } AcceptEncodingValues;

  struct {
    const std::string All{"*"};
  } AccessControlAllowOriginValue;

  struct {
    const std::string NoCache{"no-cache"};
    const std::string NoCacheMaxAge0{"no-cache, max-age=0"};
    const std::string NoTransform{"no-transform"};
    const std::string Private{"private"};
  } CacheControlValues;

  struct {
    const std::string Brotli{"br"};
    const std::string Gzip{"gzip"};
    const std::string Zstd{"zstd"};
  } ContentEncodingValues;

  struct {
    const std::string True{"true"};
  } CORSValues;

  struct {
    const std::string Default{"identity"};
  } GrpcAcceptEncodingValues;

  struct {
    const std::string AcceptEncoding{"Accept-Encoding"};
    const std::string Wildcard{"*"};
  } VaryValues;
};

using CustomHeaders = ConstSingleton<CustomHeaderValues>;

/**
 * Constant HTTP headers and values. All lower case. This group of headers can contain prefix
 * override headers.
 */
class HeaderValues {
public:
  const char* prefix() const { return ThreadSafeSingleton<PrefixValue>::get().prefix(); }

  const LowerCaseString ProxyAuthenticate{"proxy-authenticate"};
  const LowerCaseString ProxyAuthorization{"proxy-authorization"};
  const LowerCaseString CapsuleProtocol{"capsule-protocol"};
  const LowerCaseString ClientTraceId{"x-client-trace-id"};
  const LowerCaseString Connection{"connection"};
  const LowerCaseString ContentLength{"content-length"};
  const LowerCaseString ContentRange{"content-range"};
  const LowerCaseString ContentType{"content-type"};
  const LowerCaseString Cookie{"cookie"};
  const LowerCaseString Date{"date"};
  const LowerCaseString EnvoyAttemptCount{absl::StrCat(prefix(), "-attempt-count")};
  const LowerCaseString EnvoyCluster{absl::StrCat(prefix(), "-cluster")};
  const LowerCaseString EnvoyDegraded{absl::StrCat(prefix(), "-degraded")};
  const LowerCaseString EnvoyDownstreamServiceCluster{
      absl::StrCat(prefix(), "-downstream-service-cluster")};
  const LowerCaseString EnvoyDownstreamServiceNode{
      absl::StrCat(prefix(), "-downstream-service-node")};
  const LowerCaseString EnvoyExternalAddress{absl::StrCat(prefix(), "-external-address")};
  const LowerCaseString EnvoyForceTrace{absl::StrCat(prefix(), "-force-trace")};
  const LowerCaseString EnvoyHedgeOnPerTryTimeout{
      absl::StrCat(prefix(), "-hedge-on-per-try-timeout")};
  const LowerCaseString EnvoyImmediateHealthCheckFail{
      absl::StrCat(prefix(), "-immediate-health-check-fail")};
  const LowerCaseString EnvoyIsTimeoutRetry{absl::StrCat(prefix(), "-is-timeout-retry")};
  const LowerCaseString EnvoyOriginalUrl{absl::StrCat(prefix(), "-original-url")};
  const LowerCaseString EnvoyInternalRequest{absl::StrCat(prefix(), "-internal")};
  // TODO(mattklein123): EnvoyIpTags should be a custom header registered with the IP tagging
  // filter. We need to figure out if we can remove this header from the set of headers that
  // participate in prefix overrides.
  const LowerCaseString EnvoyIpTags{absl::StrCat(prefix(), "-ip-tags")};
  const LowerCaseString EnvoyMaxRetries{absl::StrCat(prefix(), "-max-retries")};
  const LowerCaseString EnvoyNotForwarded{absl::StrCat(prefix(), "-not-forwarded")};
  const LowerCaseString EnvoyOriginalDstHost{absl::StrCat(prefix(), "-original-dst-host")};
  const LowerCaseString EnvoyOriginalMethod{absl::StrCat(prefix(), "-original-method")};
  const LowerCaseString EnvoyOriginalPath{absl::StrCat(prefix(), "-original-path")};
  const LowerCaseString EnvoyOverloaded{absl::StrCat(prefix(), "-overloaded")};
  const LowerCaseString EnvoyRateLimited{absl::StrCat(prefix(), "-ratelimited")};
  const LowerCaseString EnvoyRetryOn{absl::StrCat(prefix(), "-retry-on")};
  const LowerCaseString EnvoyRetryGrpcOn{absl::StrCat(prefix(), "-retry-grpc-on")};
  const LowerCaseString EnvoyRetriableStatusCodes{
      absl::StrCat(prefix(), "-retriable-status-codes")};
  const LowerCaseString EnvoyRetriableHeaderNames{
      absl::StrCat(prefix(), "-retriable-header-names")};
  const LowerCaseString EnvoyUpstreamAltStatName{absl::StrCat(prefix(), "-upstream-alt-stat-name")};
  const LowerCaseString EnvoyUpstreamCanary{absl::StrCat(prefix(), "-upstream-canary")};
  const LowerCaseString EnvoyUpstreamHostAddress{absl::StrCat(prefix(), "-upstream-host-address")};
  const LowerCaseString EnvoyUpstreamHostname{absl::StrCat(prefix(), "-upstream-hostname")};
  const LowerCaseString EnvoyUpstreamRequestTimeoutAltResponse{
      absl::StrCat(prefix(), "-upstream-rq-timeout-alt-response")};
  const LowerCaseString EnvoyUpstreamRequestTimeoutMs{
      absl::StrCat(prefix(), "-upstream-rq-timeout-ms")};
  const LowerCaseString EnvoyUpstreamRequestPerTryTimeoutMs{
      absl::StrCat(prefix(), "-upstream-rq-per-try-timeout-ms")};
  const LowerCaseString EnvoyExpectedRequestTimeoutMs{
      absl::StrCat(prefix(), "-expected-rq-timeout-ms")};
  const LowerCaseString EnvoyUpstreamServiceTime{absl::StrCat(prefix(), "-upstream-service-time")};
  const LowerCaseString EnvoyUpstreamHealthCheckedCluster{
      absl::StrCat(prefix(), "-upstream-healthchecked-cluster")};
  const LowerCaseString EnvoyUpstreamStreamDurationMs{
      absl::StrCat(prefix(), "-upstream-stream-duration-ms")};
  const LowerCaseString EnvoyDecoratorOperation{absl::StrCat(prefix(), "-decorator-operation")};
  const LowerCaseString Expect{"expect"};
  const LowerCaseString ForwardedClientCert{"x-forwarded-client-cert"};
  const LowerCaseString ForwardedFor{"x-forwarded-for"};
  const LowerCaseString ForwardedHost{"x-forwarded-host"};
  const LowerCaseString ForwardedPort{"x-forwarded-port"};
  const LowerCaseString ForwardedProto{"x-forwarded-proto"};
  const LowerCaseString GrpcMessage{"grpc-message"};
  const LowerCaseString GrpcStatus{"grpc-status"};
  const LowerCaseString GrpcTimeout{"grpc-timeout"};
  const LowerCaseString GrpcStatusDetailsBin{"grpc-status-details-bin"};
  const LowerCaseString Host{":authority"};
  const LowerCaseString HostLegacy{"host"};
  const LowerCaseString Http2Settings{"http2-settings"};
  const LowerCaseString KeepAlive{"keep-alive"};
  const LowerCaseString Location{"location"};
  const LowerCaseString Method{":method"};
  const LowerCaseString Path{":path"};
  const LowerCaseString Protocol{":protocol"};
  const LowerCaseString ProxyConnection{"proxy-connection"};
  const LowerCaseString ProxyStatus{"proxy-status"};
  const LowerCaseString Range{"range"};
  const LowerCaseString RequestId{"x-request-id"};
  const LowerCaseString Scheme{":scheme"};
  const LowerCaseString Server{"server"};
  const LowerCaseString SetCookie{"set-cookie"};
  const LowerCaseString Status{":status"};
  const LowerCaseString TransferEncoding{"transfer-encoding"};
  const LowerCaseString TE{"te"};
  const LowerCaseString Upgrade{"upgrade"};
  const LowerCaseString UserAgent{"user-agent"};
  const LowerCaseString Via{"via"};
  const LowerCaseString WWWAuthenticate{"www-authenticate"};
  const LowerCaseString XContentTypeOptions{"x-content-type-options"};
  const LowerCaseString XSquashDebug{"x-squash-debug"};
  const LowerCaseString EarlyData{"early-data"};

  struct {
    const std::string Close{"close"};
    const std::string Http2Settings{"http2-settings"};
    const std::string KeepAlive{"keep-alive"};
    const std::string Upgrade{"upgrade"};
  } ConnectionValues;

  struct {
    const std::string H2c{"h2c"};
    const std::string WebSocket{"websocket"};
    const std::string ConnectUdp{"connect-udp"};
  } UpgradeValues;

  struct {
    const std::string Text{"text/plain"};
    const std::string TextEventStream{"text/event-stream"};
    const std::string TextUtf8{"text/plain; charset=UTF-8"}; // TODO(jmarantz): fold this into Text
    const std::string Html{"text/html; charset=UTF-8"};
    const std::string Connect{"application/connect"};
    const std::string ConnectProto{"application/connect+proto"};
    const std::string Grpc{"application/grpc"};
    const std::string GrpcWeb{"application/grpc-web"};
    const std::string GrpcWebProto{"application/grpc-web+proto"};
    const std::string GrpcWebText{"application/grpc-web-text"};
    const std::string GrpcWebTextProto{"application/grpc-web-text+proto"};
    const std::string Json{"application/json"};
    const std::string Protobuf{"application/x-protobuf"};
    const std::string FormUrlEncoded{"application/x-www-form-urlencoded"};
  } ContentTypeValues;

  struct {
    const std::string True{"true"};
  } EnvoyImmediateHealthCheckFailValues;

  struct {
    const std::string True{"true"};
  } EnvoyInternalRequestValues;

  struct {
    const std::string True{"true"};
  } EnvoyOverloadedValues;

  struct {
    const std::string True{"true"};
  } EnvoyRateLimitedValues;

  struct {
    const std::string _5xx{"5xx"};
    const std::string GatewayError{"gateway-error"};
    const std::string ConnectFailure{"connect-failure"};
    const std::string EnvoyRateLimited{"envoy-ratelimited"};
    const std::string RefusedStream{"refused-stream"};
    const std::string Retriable4xx{"retriable-4xx"};
    const std::string RetriableStatusCodes{"retriable-status-codes"};
    const std::string RetriableHeaders{"retriable-headers"};
    const std::string Reset{"reset"};
    const std::string Http3PostConnectFailure{"http3-post-connect-failure"};
  } EnvoyRetryOnValues;

  struct {
    const std::string Cancelled{"cancelled"};
    const std::string DeadlineExceeded{"deadline-exceeded"};
    const std::string ResourceExhausted{"resource-exhausted"};
    const std::string Unavailable{"unavailable"};
    const std::string Internal{"internal"};
  } EnvoyRetryOnGrpcValues;

  struct {
    const std::string _100Continue{"100-continue"};
  } ExpectValues;

  struct {
    const std::string Connect{"CONNECT"};
    const std::string Delete{"DELETE"};
    const std::string Get{"GET"};
    const std::string Head{"HEAD"};
    const std::string Options{"OPTIONS"};
    const std::string Patch{"PATCH"};
    const std::string Post{"POST"};
    const std::string Put{"PUT"};
    const std::string Trace{"TRACE"};
  } MethodValues;

  struct {
    // per https://tools.ietf.org/html/draft-kinnear-httpbis-http2-transport-02
    const std::string Bytestream{"bytestream"};
  } ProtocolValues;

  struct {
    const std::string Http{"http"};
    const std::string Https{"https"};
  } SchemeValues;

  struct {
    const std::string Brotli{"br"};
    const std::string Compress{"compress"};
    const std::string Chunked{"chunked"};
    const std::string Deflate{"deflate"};
    const std::string Gzip{"gzip"};
    const std::string Identity{"identity"};
    const std::string Zstd{"zstd"};
  } TransferEncodingValues;

  struct {
    const std::string EnvoyHealthChecker{"Envoy/HC"};
  } UserAgentValues;

  struct {
    const std::string Trailers{"trailers"};
  } TEValues;

  struct {
    const std::string Nosniff{"nosniff"};
  } XContentTypeOptionValues;

  struct {
    const std::string Http10String{"HTTP/1.0"};
    const std::string Http11String{"HTTP/1.1"};
    const std::string Http2String{"HTTP/2"};
    const std::string Http3String{"HTTP/3"};
  } ProtocolStrings;
};

using Headers = ConstSingleton<HeaderValues>;

} // namespace Http
} // namespace Envoy

Coverage Report

Created: 2023-11-12 09:30

Line	Count	Source (jump to first uncovered line)
1		#pragma once
2
3		#include <string>
4
5		#include "envoy/http/header_map.h"
6
7		#include "source/common/singleton/const_singleton.h"
8		#include "source/common/singleton/threadsafe_singleton.h"
9
10		namespace Envoy {
11		namespace Http {
12
13		// This class allows early override of the x-envoy prefix from bootstrap config,
14		// so that servers can configure their own x-custom-string prefix.
15		//
16		// Once the HeaderValues const singleton has been created, changing the prefix
17		// is disallowed. Essentially this is write-once then read-only.
18		class PrefixValue {
19		public:
20	37.1k	const char* prefix() {
21	37.1k	absl::WriterMutexLock lock(&m_);
22	37.1k	read_ = true;
23	37.1k	return prefix_.c_str();
24	37.1k	}
25
26		// The char* prefix is used directly, so must be available for the interval where prefix() may be
27		// called.
28	0	void setPrefix(const char* prefix) {
29	0	absl::WriterMutexLock lock(&m_);
30		// The check for unchanged string is purely for integration tests - this
31		// should not happen in production.
32	0	RELEASE_ASSERT(!read_ \|\| prefix_ == std::string(prefix),
33	0	"Attempting to change the header prefix after it has been used!");
34	0	if (!read_) {
35	0	prefix_ = prefix;
36	0	}
37	0	} Unexecuted instantiation: Envoy::Http::PrefixValue::setPrefix(char const) Unexecuted instantiation: Envoy::Http::PrefixValue::setPrefix(char const)
38
39		private:
40		absl::Mutex m_;
41		bool read_ = false;
42		std::string prefix_ = "x-envoy";
43		};
44
45		/**
46		* These are headers that are used in extension custom O(1) header registration. These headers
47		* must not contain any prefix override headers, as static init order requires that HeaderValues
48		* be instantiated for the first time after bootstrap is loaded and before the header maps are
49		* finalized.
50		*/
51		class CustomHeaderValues {
52		public:
53		const LowerCaseString Accept{"accept"};
54		const LowerCaseString AcceptEncoding{"accept-encoding"};
55		const LowerCaseString AccessControlRequestHeaders{"access-control-request-headers"};
56		const LowerCaseString AccessControlRequestMethod{"access-control-request-method"};
57		const LowerCaseString AccessControlAllowOrigin{"access-control-allow-origin"};
58		const LowerCaseString AccessControlAllowHeaders{"access-control-allow-headers"};
59		const LowerCaseString AccessControlAllowMethods{"access-control-allow-methods"};
60		const LowerCaseString AccessControlExposeHeaders{"access-control-expose-headers"};
61		const LowerCaseString AccessControlMaxAge{"access-control-max-age"};
62		const LowerCaseString AccessControlAllowCredentials{"access-control-allow-credentials"};
63		const LowerCaseString AccessControlRequestPrviateNetwork{
64		"access-control-request-private-network"};
65		const LowerCaseString AccessControlAllowPrviateNetwork{"access-control-allow-private-network"};
66		const LowerCaseString Age{"age"};
67		const LowerCaseString AltSvc{"alt-svc"};
68		const LowerCaseString Authentication{"authentication"};
69		const LowerCaseString Authorization{"authorization"};
70		const LowerCaseString CacheControl{"cache-control"};
71		const LowerCaseString CacheStatus{"cache-status"};
72		const LowerCaseString CdnLoop{"cdn-loop"};
73		const LowerCaseString ContentEncoding{"content-encoding"};
74		const LowerCaseString ConnectAcceptEncoding{"connect-accept-encoding"};
75		const LowerCaseString ConnectContentEncoding{"connect-content-encoding"};
76		const LowerCaseString ConnectProtocolVersion{"connect-protocol-version"};
77		const LowerCaseString ConnectTimeoutMs{"connect-timeout-ms"};
78		const LowerCaseString Etag{"etag"};
79		const LowerCaseString Expires{"expires"};
80		const LowerCaseString GrpcAcceptEncoding{"grpc-accept-encoding"};
81		const LowerCaseString GrpcEncoding{"grpc-encoding"};
82		const LowerCaseString GrpcMessageType{"grpc-message-type"};
83		const LowerCaseString GrpcTimeout{"grpc-timeout"};
84		const LowerCaseString IfMatch{"if-match"};
85		const LowerCaseString IfNoneMatch{"if-none-match"};
86		const LowerCaseString IfModifiedSince{"if-modified-since"};
87		const LowerCaseString IfUnmodifiedSince{"if-unmodified-since"};
88		const LowerCaseString IfRange{"if-range"};
89		const LowerCaseString LastModified{"last-modified"};
90		const LowerCaseString Origin{"origin"};
91		const LowerCaseString OtSpanContext{"x-ot-span-context"};
92		const LowerCaseString Pragma{"pragma"};
93		const LowerCaseString Referer{"referer"};
94		const LowerCaseString Vary{"vary"};
95
96		struct {
97		const std::string Gzip{"gzip"};
98		const std::string Identity{"identity"};
99		const std::string Wildcard{"*"};
100		} AcceptEncodingValues;
101
102		struct {
103		const std::string All{"*"};
104		} AccessControlAllowOriginValue;
105
106		struct {
107		const std::string NoCache{"no-cache"};
108		const std::string NoCacheMaxAge0{"no-cache, max-age=0"};
109		const std::string NoTransform{"no-transform"};
110		const std::string Private{"private"};
111		} CacheControlValues;
112
113		struct {
114		const std::string Brotli{"br"};
115		const std::string Gzip{"gzip"};
116		const std::string Zstd{"zstd"};
117		} ContentEncodingValues;
118
119		struct {
120		const std::string True{"true"};
121		} CORSValues;
122
123		struct {
124		const std::string Default{"identity"};
125		} GrpcAcceptEncodingValues;
126
127		struct {
128		const std::string AcceptEncoding{"Accept-Encoding"};
129		const std::string Wildcard{"*"};
130		} VaryValues;
131		};
132
133		using CustomHeaders = ConstSingleton<CustomHeaderValues>;
134
135		/**
136		* Constant HTTP headers and values. All lower case. This group of headers can contain prefix
137		* override headers.
138		*/
139		class HeaderValues {
140		public:
141	37.1k	const char* prefix() const { return ThreadSafeSingleton<PrefixValue>::get().prefix(); }
142
143		const LowerCaseString ProxyAuthenticate{"proxy-authenticate"};
144		const LowerCaseString ProxyAuthorization{"proxy-authorization"};
145		const LowerCaseString CapsuleProtocol{"capsule-protocol"};
146		const LowerCaseString ClientTraceId{"x-client-trace-id"};
147		const LowerCaseString Connection{"connection"};
148		const LowerCaseString ContentLength{"content-length"};
149		const LowerCaseString ContentRange{"content-range"};
150		const LowerCaseString ContentType{"content-type"};
151		const LowerCaseString Cookie{"cookie"};
152		const LowerCaseString Date{"date"};
153		const LowerCaseString EnvoyAttemptCount{absl::StrCat(prefix(), "-attempt-count")};
154		const LowerCaseString EnvoyCluster{absl::StrCat(prefix(), "-cluster")};
155		const LowerCaseString EnvoyDegraded{absl::StrCat(prefix(), "-degraded")};
156		const LowerCaseString EnvoyDownstreamServiceCluster{
157		absl::StrCat(prefix(), "-downstream-service-cluster")};
158		const LowerCaseString EnvoyDownstreamServiceNode{
159		absl::StrCat(prefix(), "-downstream-service-node")};
160		const LowerCaseString EnvoyExternalAddress{absl::StrCat(prefix(), "-external-address")};
161		const LowerCaseString EnvoyForceTrace{absl::StrCat(prefix(), "-force-trace")};
162		const LowerCaseString EnvoyHedgeOnPerTryTimeout{
163		absl::StrCat(prefix(), "-hedge-on-per-try-timeout")};
164		const LowerCaseString EnvoyImmediateHealthCheckFail{
165		absl::StrCat(prefix(), "-immediate-health-check-fail")};
166		const LowerCaseString EnvoyIsTimeoutRetry{absl::StrCat(prefix(), "-is-timeout-retry")};
167		const LowerCaseString EnvoyOriginalUrl{absl::StrCat(prefix(), "-original-url")};
168		const LowerCaseString EnvoyInternalRequest{absl::StrCat(prefix(), "-internal")};
169		// TODO(mattklein123): EnvoyIpTags should be a custom header registered with the IP tagging
170		// filter. We need to figure out if we can remove this header from the set of headers that
171		// participate in prefix overrides.
172		const LowerCaseString EnvoyIpTags{absl::StrCat(prefix(), "-ip-tags")};
173		const LowerCaseString EnvoyMaxRetries{absl::StrCat(prefix(), "-max-retries")};
174		const LowerCaseString EnvoyNotForwarded{absl::StrCat(prefix(), "-not-forwarded")};
175		const LowerCaseString EnvoyOriginalDstHost{absl::StrCat(prefix(), "-original-dst-host")};
176		const LowerCaseString EnvoyOriginalMethod{absl::StrCat(prefix(), "-original-method")};
177		const LowerCaseString EnvoyOriginalPath{absl::StrCat(prefix(), "-original-path")};
178		const LowerCaseString EnvoyOverloaded{absl::StrCat(prefix(), "-overloaded")};
179		const LowerCaseString EnvoyRateLimited{absl::StrCat(prefix(), "-ratelimited")};
180		const LowerCaseString EnvoyRetryOn{absl::StrCat(prefix(), "-retry-on")};
181		const LowerCaseString EnvoyRetryGrpcOn{absl::StrCat(prefix(), "-retry-grpc-on")};
182		const LowerCaseString EnvoyRetriableStatusCodes{
183		absl::StrCat(prefix(), "-retriable-status-codes")};
184		const LowerCaseString EnvoyRetriableHeaderNames{
185		absl::StrCat(prefix(), "-retriable-header-names")};
186		const LowerCaseString EnvoyUpstreamAltStatName{absl::StrCat(prefix(), "-upstream-alt-stat-name")};
187		const LowerCaseString EnvoyUpstreamCanary{absl::StrCat(prefix(), "-upstream-canary")};
188		const LowerCaseString EnvoyUpstreamHostAddress{absl::StrCat(prefix(), "-upstream-host-address")};
189		const LowerCaseString EnvoyUpstreamHostname{absl::StrCat(prefix(), "-upstream-hostname")};
190		const LowerCaseString EnvoyUpstreamRequestTimeoutAltResponse{
191		absl::StrCat(prefix(), "-upstream-rq-timeout-alt-response")};
192		const LowerCaseString EnvoyUpstreamRequestTimeoutMs{
193		absl::StrCat(prefix(), "-upstream-rq-timeout-ms")};
194		const LowerCaseString EnvoyUpstreamRequestPerTryTimeoutMs{
195		absl::StrCat(prefix(), "-upstream-rq-per-try-timeout-ms")};
196		const LowerCaseString EnvoyExpectedRequestTimeoutMs{
197		absl::StrCat(prefix(), "-expected-rq-timeout-ms")};
198		const LowerCaseString EnvoyUpstreamServiceTime{absl::StrCat(prefix(), "-upstream-service-time")};
199		const LowerCaseString EnvoyUpstreamHealthCheckedCluster{
200		absl::StrCat(prefix(), "-upstream-healthchecked-cluster")};
201		const LowerCaseString EnvoyUpstreamStreamDurationMs{
202		absl::StrCat(prefix(), "-upstream-stream-duration-ms")};
203		const LowerCaseString EnvoyDecoratorOperation{absl::StrCat(prefix(), "-decorator-operation")};
204		const LowerCaseString Expect{"expect"};
205		const LowerCaseString ForwardedClientCert{"x-forwarded-client-cert"};
206		const LowerCaseString ForwardedFor{"x-forwarded-for"};
207		const LowerCaseString ForwardedHost{"x-forwarded-host"};
208		const LowerCaseString ForwardedPort{"x-forwarded-port"};
209		const LowerCaseString ForwardedProto{"x-forwarded-proto"};
210		const LowerCaseString GrpcMessage{"grpc-message"};
211		const LowerCaseString GrpcStatus{"grpc-status"};
212		const LowerCaseString GrpcTimeout{"grpc-timeout"};
213		const LowerCaseString GrpcStatusDetailsBin{"grpc-status-details-bin"};
214		const LowerCaseString Host{":authority"};
215		const LowerCaseString HostLegacy{"host"};
216		const LowerCaseString Http2Settings{"http2-settings"};
217		const LowerCaseString KeepAlive{"keep-alive"};
218		const LowerCaseString Location{"location"};
219		const LowerCaseString Method{":method"};
220		const LowerCaseString Path{":path"};
221		const LowerCaseString Protocol{":protocol"};
222		const LowerCaseString ProxyConnection{"proxy-connection"};
223		const LowerCaseString ProxyStatus{"proxy-status"};
224		const LowerCaseString Range{"range"};
225		const LowerCaseString RequestId{"x-request-id"};
226		const LowerCaseString Scheme{":scheme"};
227		const LowerCaseString Server{"server"};
228		const LowerCaseString SetCookie{"set-cookie"};
229		const LowerCaseString Status{":status"};
230		const LowerCaseString TransferEncoding{"transfer-encoding"};
231		const LowerCaseString TE{"te"};
232		const LowerCaseString Upgrade{"upgrade"};
233		const LowerCaseString UserAgent{"user-agent"};
234		const LowerCaseString Via{"via"};
235		const LowerCaseString WWWAuthenticate{"www-authenticate"};
236		const LowerCaseString XContentTypeOptions{"x-content-type-options"};
237		const LowerCaseString XSquashDebug{"x-squash-debug"};
238		const LowerCaseString EarlyData{"early-data"};
239
240		struct {
241		const std::string Close{"close"};
242		const std::string Http2Settings{"http2-settings"};
243		const std::string KeepAlive{"keep-alive"};
244		const std::string Upgrade{"upgrade"};
245		} ConnectionValues;
246
247		struct {
248		const std::string H2c{"h2c"};
249		const std::string WebSocket{"websocket"};
250		const std::string ConnectUdp{"connect-udp"};
251		} UpgradeValues;
252
253		struct {
254		const std::string Text{"text/plain"};
255		const std::string TextEventStream{"text/event-stream"};
256		const std::string TextUtf8{"text/plain; charset=UTF-8"}; // TODO(jmarantz): fold this into Text
257		const std::string Html{"text/html; charset=UTF-8"};
258		const std::string Connect{"application/connect"};
259		const std::string ConnectProto{"application/connect+proto"};
260		const std::string Grpc{"application/grpc"};
261		const std::string GrpcWeb{"application/grpc-web"};
262		const std::string GrpcWebProto{"application/grpc-web+proto"};
263		const std::string GrpcWebText{"application/grpc-web-text"};
264		const std::string GrpcWebTextProto{"application/grpc-web-text+proto"};
265		const std::string Json{"application/json"};
266		const std::string Protobuf{"application/x-protobuf"};
267		const std::string FormUrlEncoded{"application/x-www-form-urlencoded"};
268		} ContentTypeValues;
269
270		struct {
271		const std::string True{"true"};
272		} EnvoyImmediateHealthCheckFailValues;
273
274		struct {
275		const std::string True{"true"};
276		} EnvoyInternalRequestValues;
277
278		struct {
279		const std::string True{"true"};
280		} EnvoyOverloadedValues;
281
282		struct {
283		const std::string True{"true"};
284		} EnvoyRateLimitedValues;
285
286		struct {
287		const std::string _5xx{"5xx"};
288		const std::string GatewayError{"gateway-error"};
289		const std::string ConnectFailure{"connect-failure"};
290		const std::string EnvoyRateLimited{"envoy-ratelimited"};
291		const std::string RefusedStream{"refused-stream"};
292		const std::string Retriable4xx{"retriable-4xx"};
293		const std::string RetriableStatusCodes{"retriable-status-codes"};
294		const std::string RetriableHeaders{"retriable-headers"};
295		const std::string Reset{"reset"};
296		const std::string Http3PostConnectFailure{"http3-post-connect-failure"};
297		} EnvoyRetryOnValues;
298
299		struct {
300		const std::string Cancelled{"cancelled"};
301		const std::string DeadlineExceeded{"deadline-exceeded"};
302		const std::string ResourceExhausted{"resource-exhausted"};
303		const std::string Unavailable{"unavailable"};
304		const std::string Internal{"internal"};
305		} EnvoyRetryOnGrpcValues;
306
307		struct {
308		const std::string _100Continue{"100-continue"};
309		} ExpectValues;
310
311		struct {
312		const std::string Connect{"CONNECT"};
313		const std::string Delete{"DELETE"};
314		const std::string Get{"GET"};
315		const std::string Head{"HEAD"};
316		const std::string Options{"OPTIONS"};
317		const std::string Patch{"PATCH"};
318		const std::string Post{"POST"};
319		const std::string Put{"PUT"};
320		const std::string Trace{"TRACE"};
321		} MethodValues;
322
323		struct {
324		// per https://tools.ietf.org/html/draft-kinnear-httpbis-http2-transport-02
325		const std::string Bytestream{"bytestream"};
326		} ProtocolValues;
327
328		struct {
329		const std::string Http{"http"};
330		const std::string Https{"https"};
331		} SchemeValues;
332
333		struct {
334		const std::string Brotli{"br"};
335		const std::string Compress{"compress"};
336		const std::string Chunked{"chunked"};
337		const std::string Deflate{"deflate"};
338		const std::string Gzip{"gzip"};
339		const std::string Identity{"identity"};
340		const std::string Zstd{"zstd"};
341		} TransferEncodingValues;
342
343		struct {
344		const std::string EnvoyHealthChecker{"Envoy/HC"};
345		} UserAgentValues;
346
347		struct {
348		const std::string Trailers{"trailers"};
349		} TEValues;
350
351		struct {
352		const std::string Nosniff{"nosniff"};
353		} XContentTypeOptionValues;
354
355		struct {
356		const std::string Http10String{"HTTP/1.0"};
357		const std::string Http11String{"HTTP/1.1"};
358		const std::string Http2String{"HTTP/2"};
359		const std::string Http3String{"HTTP/3"};
360		} ProtocolStrings;
361		};
362
363		using Headers = ConstSingleton<HeaderValues>;
364
365		} // namespace Http
366		} // namespace Envoy