Skip to content

Add security response id to AppSec redirect response #5060

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Nov 19, 2025
Merged

Add security response id to AppSec redirect response #5060

merged 2 commits into from
Nov 19, 2025
+27 −6

Conversation

@y9v
Copy link
Member

@y9v y9v commented Nov 19, 2025
edited
Loading

What does this PR do?
This PR adds substitution of [security_response_id] placeholder for AppSec redirect response Location header.

Motivation:
According to RFC, [security_response_id] needs to be also substituted in the Location header, when the client has AppSec configured to redirect on a detected attack.

Change log entry
No. There will be one change log entry for the security response id, which was already added in #5049.

Additional Notes:
APPSEC-59951.

How to test the change?
CI and manual testing.

@y9v y9v self-assigned this Nov 19, 2025
@y9v y9v requested a review from a team as a code owner November 19, 2025 09:43
@github-actions github-actions bot added the appsec Application Security monitoring product label Nov 19, 2025
@y9v y9v force-pushed the appsec-add-security-response-id-for-redirect-response branch from 9004838 to a813094 Compare November 19, 2025 09:47
@y9v y9v changed the title Add security response id param to AppSec redirect responses Add security response id to AppSec custom redirect response Nov 19, 2025
@y9v y9v changed the title Add security response id to AppSec custom redirect response Add security response id to AppSec redirect response Nov 19, 2025
@pr-commenter
Copy link

pr-commenter bot commented Nov 19, 2025

Benchmarks

Benchmark execution time: 2025-11-19 10:17:06

Comparing candidate commit a813094 in PR branch appsec-add-security-response-id-for-redirect-response with baseline commit 5853a3d in branch master.

Found 1 performance improvements and 0 performance regressions! Performance is the same for 43 metrics, 2 unstable metrics.

scenario:profiling - intern_all 1000 repeated strings

  • 🟩 throughput [+4128.253op/s; +4203.163op/s] or [+18.335%; +18.667%]

@y9v y9v merged commit f505907 into master Nov 19, 2025
700 of 702 checks passed
@y9v y9v deleted the appsec-add-security-response-id-for-redirect-response branch November 19, 2025 10:21
@github-actions github-actions bot added this to the 2.23.0 milestone Nov 19, 2025
@y9v y9v mentioned this pull request Nov 19, 2025
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Strech Strech Strech approved these changes

Assignees

@y9v y9v

Labels

appsec Application Security monitoring product

Projects

None yet

Milestone

2.23.0

Development

Successfully merging this pull request may close these issues.

3 participants

@y9v @Strech