Address Copilot follow-up on transform cleanup and docs/tests.

bryancall · bryancall · commit 6f2dfda5e767 · 2026-04-27T11:34:15.000-07:00
Clarify transform-inactive test/docs wording, assert Content-Type in transform-active set-body cases, and document why transform cleanup remains guarded in the internal-body bypass path to avoid the known -11 crash.

Made-with: Cursor
diff --git a/doc/admin-guide/plugins/header_rewrite.en.rst b/doc/admin-guide/plugins/header_rewrite.en.rst
@@ -1177,7 +1177,8 @@ set-body
 
   set-body <text>
 
-Sets the body to ``<text>``. Can also be used to delete a body with ``""``.
+Sets the body to ``<text>``.
+For internally generated/synthetic responses, ``set-body ""`` can be used to clear that replacement body.
 
 For origin response replacement, ``set-body`` is supported at both
 ``READ_RESPONSE_HDR_HOOK`` and ``SEND_RESPONSE_HDR_HOOK``. Prefer
@@ -1192,9 +1193,9 @@ response body tunneling starts.
    ``set-body ""`` clears the internal replacement body, but does not suppress an
    origin response body on this hook; use a non-empty replacement value when
    sanitizing origin responses.
-   The gold tests cover origin replacement for both hooks with and without a
-   response transform plugin. The no-transform matrix runs with HTTP cache
-   disabled and includes repeated-URL cache-bypass probes.
+   The gold tests cover origin replacement for both hooks with and without an
+   active response transform. The transform-inactive matrix runs with HTTP cache
+   disabled and includes repeated-URL probes to verify deterministic replacement.
 
 set-body-from
 ~~~~~~~~~~~~~
diff --git a/src/proxy/http/HttpSM.cc b/src/proxy/http/HttpSM.cc
@@ -7617,6 +7617,8 @@ HttpSM::setup_client_request_plugin_agents(HttpTunnelProducer *p, int num_header
 inline void
 HttpSM::transform_cleanup(TSHttpHookID hook, HttpTransformInfo *info)
 {
+  // Internal-body bypass can skip transform tunnel setup, leaving no transform
+  // entry to clean up. In that case there is nothing safe/useful to close here.
   if (info->entry == nullptr) {
     return;
   }
@@ -7712,6 +7714,9 @@ HttpSM::kill_this()
     if (hooks_set) {
       bool bypassed_response_transform =
         t_state.api_info.cache_untransformed && t_state.internal_msg_buffer && !t_state.api_server_request_body_set;
+      // If we intentionally bypassed response transforms for internal-body
+      // transfer, transform_info may be partially detached; skip cleanup in this
+      // specific case to avoid dereferencing stale transform state.
       if (!bypassed_response_transform) {
         transform_cleanup(TS_HTTP_RESPONSE_TRANSFORM_HOOK, &transform_info);
       }
diff --git a/tests/gold_tests/pluginTest/header_rewrite/header_rewrite_set_body_origin.replay.yaml b/tests/gold_tests/pluginTest/header_rewrite/header_rewrite_set_body_origin.replay.yaml
@@ -18,7 +18,7 @@ meta:
   version: "1.0"
 
 autest:
-  description: 'Test set-body origin replacement without response transforms'
+  description: 'Test set-body origin replacement (transform plugin loaded; selected paths keep it inactive)'
 
   dns:
     name: 'dns'
@@ -47,31 +47,31 @@ autest:
       proxy.config.diags.debug.tags: 'http|header_rewrite'
 
     remap_config:
-      # Block 1: READ_RESPONSE hook replacement path (no transform plugin).
+      # Block 1: READ_RESPONSE hook replacement path with transform inactive (non-200 response).
       - from: "http://www.example.com/set_body_read_resp_403/"
         to: "http://backend.ex:{SERVER_HTTP_PORT}/origin_read_403/"
         plugins:
           - name: "header_rewrite.so"
             args:
               - "rules/rule_set_body_origin_read_resp.conf"
 
-      # Block 2: SEND_RESPONSE hook replacement path (no transform plugin).
+      # Block 2: SEND_RESPONSE hook replacement path with transform inactive (non-200 response).
       - from: "http://www.example.com/set_body_send_resp_403/"
         to: "http://backend.ex:{SERVER_HTTP_PORT}/origin_send_403/"
         plugins:
           - name: "header_rewrite.so"
             args:
               - "rules/rule_set_body_origin_send_resp.conf"
 
-      # Block 3a: cache-bypass probe for READ_RESPONSE hook (same URL twice).
+      # Block 3a: repeated-URL probe for READ_RESPONSE hook (same URL twice, transform inactive).
       - from: "http://www.example.com/cache_probe_read/"
         to: "http://backend.ex:{SERVER_HTTP_PORT}/cache_probe_read/"
         plugins:
           - name: "header_rewrite.so"
             args:
               - "rules/rule_set_body_origin_read_resp.conf"
 
-      # Block 3b: cache-bypass probe for SEND_RESPONSE hook (same URL twice).
+      # Block 3b: repeated-URL probe for SEND_RESPONSE hook (same URL twice, transform inactive).
       - from: "http://www.example.com/cache_probe_send/"
         to: "http://backend.ex:{SERVER_HTTP_PORT}/cache_probe_send/"
         plugins:
@@ -160,7 +160,7 @@ sessions:
         size: 9
         data: "Sanitized"
 
-  # Block 3a verification: cache-bypass probe for READ_RESPONSE.
+  # Block 3a verification: repeated-URL probe for READ_RESPONSE.
   # First response on repeated URL.
   - client-request:
       method: "GET"
@@ -191,7 +191,7 @@ sessions:
         size: 9
         data: "Sanitized"
 
-  # Block 3a verification: cache-bypass probe for READ_RESPONSE.
+  # Block 3a verification: repeated-URL probe for READ_RESPONSE.
   # Second response on repeated URL should still be replaced.
   # Keep this as non-200 so null_transform does not engage.
   - client-request:
@@ -223,7 +223,7 @@ sessions:
         size: 9
         data: "Sanitized"
 
-  # Block 3b verification: cache-bypass probe for SEND_RESPONSE.
+  # Block 3b verification: repeated-URL probe for SEND_RESPONSE.
   # First response on repeated URL.
   - client-request:
       method: "GET"
@@ -254,7 +254,7 @@ sessions:
         size: 9
         data: "Sanitized"
 
-  # Block 3b verification: cache-bypass probe for SEND_RESPONSE.
+  # Block 3b verification: repeated-URL probe for SEND_RESPONSE.
   # Second response on repeated URL should still be replaced.
   # Keep this as non-200 so null_transform does not engage.
   - client-request:
@@ -312,6 +312,7 @@ sessions:
       headers:
         fields:
         - [ Content-Length, { value: "9", as: equal } ]
+        - [ Content-Type, { value: "text/html", as: equal } ]
       content:
         size: 9
         data: "Sanitized"
@@ -342,6 +343,7 @@ sessions:
       headers:
         fields:
         - [ Content-Length, { value: "9", as: equal } ]
+        - [ Content-Type, { value: "text/html", as: equal } ]
       content:
         size: 9
         data: "Sanitized"

Original file line number	Diff line number	Diff line change
`@@ -7617,6 +7617,8 @@ HttpSM::setup_client_request_plugin_agents(HttpTunnelProducer *p, int num_header`
`7617`	`7617`	`inline void`
`7618`	`7618`	`HttpSM::transform_cleanup(TSHttpHookID hook, HttpTransformInfo *info)`
`7619`	`7619`	`{`
	`7620`	`+ // Internal-body bypass can skip transform tunnel setup, leaving no transform`
	`7621`	`+ // entry to clean up. In that case there is nothing safe/useful to close here.`
`7620`	`7622`	`if (info->entry == nullptr) {`
`7621`	`7623`	`return;`
`7622`	`7624`	`}`
`@@ -7712,6 +7714,9 @@ HttpSM::kill_this()`
`7712`	`7714`	`if (hooks_set) {`
`7713`	`7715`	`bool bypassed_response_transform =`
`7714`	`7716`	`t_state.api_info.cache_untransformed && t_state.internal_msg_buffer && !t_state.api_server_request_body_set;`
	`7717`	`+ // If we intentionally bypassed response transforms for internal-body`
	`7718`	`+ // transfer, transform_info may be partially detached; skip cleanup in this`
	`7719`	`+ // specific case to avoid dereferencing stale transform state.`
`7715`	`7720`	`if (!bypassed_response_transform) {`
`7716`	`7721`	`transform_cleanup(TS_HTTP_RESPONSE_TRANSFORM_HOOK, &transform_info);`
`7717`	`7722`	`}`