Skip to content

Set x-synthetic-id header on integration routes for response from Trusted Server#255

Open
prk-Jr wants to merge 9 commits intomainfrom
205-synthetic-id-header-x-synthetic-id-is-not-being-set-on-integration-re-hosted-into-first-party-publisher-domain
Open

Set x-synthetic-id header on integration routes for response from Trusted Server#255
prk-Jr wants to merge 9 commits intomainfrom
205-synthetic-id-header-x-synthetic-id-is-not-being-set-on-integration-re-hosted-into-first-party-publisher-domain

Conversation

@prk-Jr
Copy link
Collaborator

@prk-Jr prk-Jr commented Feb 6, 2026
edited
Loading

Integration proxy responses were missing the x-synthetic-id header because handle_proxy dispatched to integrations without adding it. This caused identity tracking to break for first-party re-hosted integrations like Permutive's secure-signal endpoint.

Centralizing the header logic in handle_proxy ensures all current and future integrations automatically include the synthetic ID, rather than requiring each integration to implement it manually.

Test Plan

Manually verified locally via fastly compute serve against autoblog production config:

  • GET /integrations/permutive/secure-signalsx-synthetic-id header and Set-Cookie: synthetic_id=... present
  • GET /integrations/lockr/api → same
  • GET / (publisher proxy) → same
  • Confirmed x-synthetic-id is not forwarded to downstream third-party origins (filtered by INTERNAL_HEADERS via copy_custom_headers)
  • All 336 tests pass

Fixes #205

@prk-Jr
Set x-synthetic-id header on integration routes
51f6fc7 
Integration proxy responses were missing the x-synthetic-id header
because handle_proxy dispatched to integrations without adding it.
This caused identity tracking to break for first-party re-hosted
integrations like Permutive's secure-signal endpoint.

Centralizing the header logic in handle_proxy ensures all current
and future integrations automatically include the synthetic ID,
rather than requiring each integration to implement it manually.

Fixes #205
@prk-Jr prk-Jr linked an issue Feb 6, 2026 that may be closed by this pull request
Synthetic ID Header [x-synthetic-id] is not being set on /integration re-hosted into first party publisher domain #205
Open
aram356
aram356 requested changes Feb 6, 2026
View reviewed changes
Copy link
Collaborator

@aram356 aram356 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good start but should use funcitons in cookies.rs

Please don't make the feature branch have this long name. Please stick to feature/short-name

@prk-Jr
Use cookie.rs utilities for synthetic ID detection
a0d22b2 
Replaces inline cookie parsing with handle_request_cookies() and
parse_cookies_to_jar() from cookies.rs for consistency.
@prk-Jr prk-Jr requested a review from aram356 February 9, 2026 05:17
ChristianPavilonis
ChristianPavilonis reviewed Feb 9, 2026
View reviewed changes
@prk-Jr
Added X-Customer-Header
be2c8ae 
Had deleted the comment accidentally but was needed already
ChristianPavilonis
ChristianPavilonis previously requested changes Feb 10, 2026
View reviewed changes
aram356
aram356 requested changes Feb 11, 2026
View reviewed changes
Copy link
Collaborator

@aram356 aram356 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔧 We need a more thorough fix:

publisher.rs:201-211 uses manual string splitting to check for an existing synthetic cookie:

let has_synthetic_cookie = req
    .get_header(header::COOKIE)
    .and_then(|h| h.to_str().ok())
    .map(|cookies| {
        cookies.split(';').any(|cookie| {
            cookie.trim_start().starts_with(&format!("{}=", COOKIE_SYNTHETIC_ID))
        })
    })
    .unwrap_or(false);

While registry.rs:622-626 uses handle_request_cookies with CookieJar:

let has_synthetic_cookie = handle_request_cookies(&req)
    .ok()
    .flatten()
    .and_then(|jar| jar.get(COOKIE_SYNTHETIC_ID).map(|_| true))
    .unwrap_or(false);

These should use the same approach. The CookieJar version is more robust (proper cookie parsing).

Since we already have cookie utilities in cookies.rs, suggest adding a set_synthetic_cookie(settings: &Settings, response: &mut Response, synthetic_id: &str) helper there that handles the append_header call. That way both publisher.rs and registry.rs call the same function, and the append_header fix and cookie creation logic live in one place.

We don't need has_synthetic_cookie check we was primarily for logging we should always set COOKIE_SYNTHETIC_ID

@prk-Jr prk-Jr requested a review from aram356 February 11, 2026 11:54
aram356
aram356 requested changes Feb 13, 2026
View reviewed changes
aram356
aram356 requested changes Feb 13, 2026
View reviewed changes
aram356
aram356 requested changes Feb 13, 2026
View reviewed changes
@prk-Jr
Propagate synthetic IDs via request headers for integrations and upda…
af94e77 
…te Testlight to read them, while also adding a test for synthetic cookie setting
@prk-Jr prk-Jr requested a review from aram356 February 13, 2026 09:33
aram356
aram356 requested changes Feb 16, 2026
View reviewed changes
Copy link
Collaborator

@aram356 aram356 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔧 We inadvertently now passing HEADER_X_SYNTHETIC_ID header to downstream integrations. We should not because synthetic header should stay within TS.

For example: permutive.rs :502

Please audit al integrations not to pass HEADER_X_SYNTHETIC_ID header

@prk-Jr
fix(integrations): prevent synthetic ID header leak to downstream ser…
602c3ab 
…vices

- Fix missing `x-synthetic-id` on `/integration` responses by setting it in `registry.rs`
- Introduce `INTERNAL_HEADERS` constant list for sensitive internal headers
- Add `http_util::copy_custom_headers` utility to filter internal headers
- Update `permutive.rs` and `lockr.rs` to use safe header copying, preventing leaks
- Add unit tests verifying header filtering logic
@prk-Jr
Copy link
Collaborator Author

prk-Jr commented Feb 16, 2026

🔧 We inadvertently now passing HEADER_X_SYNTHETIC_ID header to downstream integrations. We should not because synthetic header should stay within TS.

For example: permutive.rs :502

Please audit al integrations not to pass HEADER_X_SYNTHETIC_ID header

Thanks @aram356 for the catch on the header leak! I've addressed it by:

  1. Extracting a centralized INTERNAL_HEADERS list (includes x-synthetic-id, x-geo-*, etc.) to constants.rs.
  2. Implementing a shared http_util::copy_custom_headers utility that automatically filters out these internal headers.
  3. Updating both permutive.rs and lockr.rs to use this utility instead of manual loops.

This ensures x-synthetic-id is correctly returned to the browser (fixing the original bug) but never forwarded to downstream third-party services.

Added unit tests to http_util.rs to verify the filtering logic. Verified all 336 tests pass.

@prk-Jr prk-Jr requested a review from aram356 February 16, 2026 11:02
@prk-Jr
Address review cleanup for synthetic ID header changes
0e45fe0 
- Add x-forwarded-for to INTERNAL_HEADERS to prevent IP leak to
  downstream services via copy_custom_headers
- Fix stale x-psid-ts doc comment in synthetic.rs
- Use proper import for get_synthetic_id in testlight.rs and
  improve error message for missing synthetic ID
- Fix typo in http_util.rs test
ChristianPavilonis
ChristianPavilonis reviewed Feb 18, 2026
View reviewed changes
Copy link
Collaborator

@ChristianPavilonis ChristianPavilonis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's looking pretty good to me now

@aram356 aram356 changed the title Set x-synthetic-id header on integration routes Set x-synthetic-id header on integration routes for response from Trusted Server Feb 19, 2026
aram356
aram356 approved these changes Feb 20, 2026
View reviewed changes
Copy link
Collaborator

@aram356 aram356 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I would like to see test plan. Please confirm manually

@prk-Jr
Copy link
Collaborator Author

prk-Jr commented Feb 20, 2026

Looks good. I would like to see test plan. Please confirm manually

Manually verified locally via fastly compute serve against autoblog production config:

  • GET /integrations/permutive/secure-signalsx-synthetic-id and Set-Cookie: synthetic_id=... present
  • GET /integrations/lockr/api → same
  • GET / (publisher proxy) → same
  • x-synthetic-id is not forwarded to downstream origins
  • All 336 tests pass

Looks good. I would like to see test plan. Please confirm manually

@prk-Jr prk-Jr dismissed ChristianPavilonis’s stale review February 20, 2026 10:37

Stale review. Has been resolved.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChristianPavilonis ChristianPavilonis ChristianPavilonis left review comments

@aram356 aram356 aram356 approved these changes

Assignees

@prk-Jr prk-Jr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Synthetic ID Header [x-synthetic-id] is not being set on /integration re-hosted into first party publisher domain

3 participants

@prk-Jr @aram356 @ChristianPavilonis

Comments