Skip to content

feat: add ENABLE_OVERWRITE_BASE_HEADERS environment variable and docu… #1080

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 27, 2025
Merged

feat: add ENABLE_OVERWRITE_BASE_HEADERS environment variable and docu… #1080

merged 2 commits into from
Sep 27, 2025

Conversation

SharkyND
Copy link
Contributor

@SharkyND SharkyND commented Sep 20, 2025
edited by crivetimihai
Loading

Add ENABLE_OVERWRITE_BASE_HEADERS configuration for advanced header passthrough

Summary

This PR introduces the ENABLE_OVERWRITE_BASE_HEADERS environment variable to provide advanced control over HTTP header passthrough behavior. When enabled, this allows client-provided headers to override gateway base headers like Content-Type and Authorization for specialized use cases.

What's Changed

Core Implementation

  • Added environment variable mapping for ENABLE_OVERWRITE_BASE_HEADERS in config.py
  • Fixed missing environment variable mapping for ENABLE_HEADER_PASSTHROUGH
  • Implemented base header override logic in passthrough_headers.py
  • Added startup logging to show current header override status

Configuration & Documentation

  • Updated .env.example with ENABLE_OVERWRITE_BASE_HEADERS configuration
  • Enhanced README.md configuration table with new setting
  • Updated Helm charts (values.yaml) with new environment variable
  • Comprehensive documentation updates across:
    • Header passthrough overview (docs/overview/passthrough.md)
    • Proxy authentication guides (docs/deployment/proxy-auth.md, docs/manage/proxy.md)
    • Main documentation (docs/index.md)

Testing

  • Added comprehensive unit tests for base header override functionality
  • Enhanced existing tests to cover both enabled/disabled scenarios
  • Maintained backward compatibility with existing test suite

Quality Improvements

  • Fixed trailing newlines in documentation files
  • Added Xena deployment configurations for enterprise environments

Security Considerations

  • Disabled by default - maintains secure-by-default approach
  • Requires explicit configuration - users must understand implications
  • Preserves existing auth conflicts detection - still prevents dangerous overrides
  • Comprehensive logging - all override attempts are logged for audit

Use Cases

This feature enables:

  • Custom authentication schemes requiring client-provided Authorization headers
  • Specialized content negotiation needing client Content-Type override
  • Advanced proxy scenarios with specific header requirements
  • Enterprise integrations where client headers must take precedence

Breaking Changes

None - this is a purely additive feature with secure defaults.

Testing

All existing tests pass, plus new tests covering:

  • Header override enabled/disabled scenarios
  • Conflict detection with auth headers
  • Base header preservation logic
  • Security validation and sanitization
  • Configuration hierarchy (gateway > global > defaults)

Implementation Details

Environment Variable Configuration

# Enable the advanced feature (disabled by default)
ENABLE_OVERWRITE_BASE_HEADERS=true

Code Changes

  • mcpgateway/config.py: Added proper environment variable mapping
  • mcpgateway/utils/passthrough_headers.py: Implemented override logic
  • mcpgateway/main.py: Added startup logging
  • tests/unit/mcpgateway/utils/test_passthrough_headers.py: Comprehensive test coverage

Configuration Hierarchy

  1. Gateway-specific headers (highest priority)
  2. Global database configuration
  3. Environment variable defaults (lowest priority)

Checklist

  • Environment variable properly mapped in config
  • Logic implemented with security safeguards
  • Comprehensive unit tests added
  • Documentation updated across all relevant files
  • Helm charts updated for Kubernetes deployments
  • Backward compatibility maintained
  • Security-by-default approach preserved

Ready for Review

This PR is ready for review and addresses the issue where ENABLE_OVERWRITE_BASE_HEADERS was not being read from environment variables, while adding the full advanced header override functionality requested.

Reference: #1046

Closes #1046

Naveed, Muhammad Shahrukh [JJCUS] and others added 2 commits September 27, 2025 16:22
@crivetimihai
feat: add ENABLE_OVERWRITE_BASE_HEADERS environment variable and docu…
4b22e9d 
…mentation

- Add ENABLE_OVERWRITE_BASE_HEADERS configuration option to .env.example
- Document ENABLE_OVERWRITE_BASE_HEADERS in README.md configuration table
- Update Helm values.yaml to include ENABLE_OVERWRITE_BASE_HEADERS setting
- Add ENABLE_OVERWRITE_BASE_HEADERS documentation to proxy authentication guides
- Update header passthrough documentation with base headers override section
- Add environment variable mapping in config.py for proper .env file reading
- Implement base header override logic in passthrough_headers.py
- Add logging for header override status in main.py startup
- Include comprehensive unit tests for base header override functionality
- Fix trailing newlines in various documentation files

This enables advanced users to allow passthrough headers to override gateway
base headers like Content-Type when ENABLE_OVERWRITE_BASE_HEADERS=true, while
maintaining secure defaults (disabled by default).
@crivetimihai
rebase and test
e3dfcca 
Signed-off-by: Mihai Criveti <[email protected]>
@crivetimihai crivetimihai force-pushed the feature/allow-headers-overwrite branch from 8bc2592 to e3dfcca Compare September 27, 2025 16:03
@crivetimihai crivetimihai merged commit 29db28d into IBM:main Sep 27, 2025
35 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crivetimihai crivetimihai crivetimihai approved these changes

@kevalmahajan kevalmahajan Awaiting requested review from kevalmahajan kevalmahajan is a code owner

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug]: pass-through headers are not functioning as expected
2 participants
@SharkyND @crivetimihai