Encode base64 headers
Code examples on this page have been automatically tested and verified.

Use CEL expressions to encode and decode base64 values in request headers and add the results as response headers. The examples use the `base64.encode()`, `base64.decode()`, and `string()` CEL functions, and the `request.headers[]` context variables.
Before you begin
- Set up an agentgateway proxy.
- Install the httpbin sample app.
Encode a header value to base64
In this example, you read a plain-text request header and add its base64-encoded value as a response header.
Create an AgentgatewayPolicy resource that reads the `x-user-id` request header and encodes it to base64 before adding it as the `x-user-id-encoded` response header.

```sh
kubectl apply -f- <<EOF
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayPolicy
metadata:
  name: transformation
  namespace: httpbin
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: httpbin
  traffic:
    transformation:
      response:
        set:
        - name: x-user-id-encoded
          value: 'base64.encode(request.headers["x-user-id"])'
EOF
```

Send a request to the httpbin app and include the `x-user-id` request header. Verify that you get back a 200 HTTP response code and that the `x-user-id-encoded` response header contains the base64-encoded value.

Through the address in `$INGRESS_GW_ADDRESS`:

```sh
curl -vi http://$INGRESS_GW_ADDRESS:80/response-headers \
  -H "host: www.example.com:80" \
  -H "x-user-id: user123"
```

Through `localhost:8080`:

```sh
curl -vi localhost:8080/response-headers \
  -H "host: www.example.com" \
  -H "x-user-id: user123"
```

Example output:

```
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< access-control-allow-credentials: true
access-control-allow-credentials: true
< access-control-allow-origin: *
access-control-allow-origin: *
< content-type: application/json; encoding=utf-8
content-type: application/json; encoding=utf-8
< content-length: 3
content-length: 3
< x-user-id-encoded: dXNlcjEyMw==
x-user-id-encoded: dXNlcjEyMw==
```

You can verify the encoded value by decoding it locally:

```sh
echo "dXNlcjEyMw==" | base64 --decode
```

Example output:

```
user123
```
Decode a base64 header value
In this example, you take the encoded value from the encode example (dXNlcjEyMw==) and decode it back to its original plain-text value.
Create an AgentgatewayPolicy resource that reads the `x-user-id-encoded` request header, decodes it from base64, and adds the result as the `x-user-id-decoded` response header.

```sh
kubectl apply -f- <<EOF
apiVersion: agentgateway.dev/v1alpha1
kind: AgentgatewayPolicy
metadata:
  name: transformation
  namespace: httpbin
spec:
  targetRefs:
  - group: gateway.networking.k8s.io
    kind: HTTPRoute
    name: httpbin
  traffic:
    transformation:
      response:
        set:
        - name: x-user-id-decoded
          value: 'string(base64.decode(request.headers["x-user-id-encoded"]))'
EOF
```

Send a request to the httpbin app and include the base64-encoded value from the encode example in the `x-user-id-encoded` request header. Verify that you get back a 200 HTTP response code and that the `x-user-id-decoded` response header contains the original plain-text value.

Through the address in `$INGRESS_GW_ADDRESS`:

```sh
curl -vi http://$INGRESS_GW_ADDRESS:80/response-headers \
  -H "host: www.example.com:80" \
  -H "x-user-id-encoded: dXNlcjEyMw=="
```

Through `localhost:8080`:

```sh
curl -vi localhost:8080/response-headers \
  -H "host: www.example.com" \
  -H "x-user-id-encoded: dXNlcjEyMw=="
```

Example output:

```
< HTTP/1.1 200 OK
HTTP/1.1 200 OK
< access-control-allow-credentials: true
access-control-allow-credentials: true
< access-control-allow-origin: *
access-control-allow-origin: *
< content-type: application/json; encoding=utf-8
content-type: application/json; encoding=utf-8
< content-length: 3
content-length: 3
< x-user-id-decoded: user123
x-user-id-decoded: user123
```
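Added example (not part of the agentgateway documentation): a local Python check that mirrors the encode and decode steps above and decides whether a decoded value is safe to copy into a header. The function names, the 256-character limit and the sample inputs are assumptions made for this illustration; how agentgateway itself handles malformed input is not stated on this page.

```python
import base64
import binascii


def encode_header(value: str) -> str:
    """Local counterpart of the encode step: UTF-8 text -> base64 text."""
    return base64.b64encode(value.encode("utf-8")).decode("ascii")


def decode_header(value: str, max_len: int = 256):
    """Return the decoded text, or None if it should not be placed in a header.

    max_len is an assumed limit for this example, not a gateway setting.
    """
    if len(value) > max_len:
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently skipping them; bad padding also raises.
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("utf-8")  # strict: arbitrary bytes are not text
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None
    # Base64 can carry any byte, including CR/LF and other control
    # characters that must never end up inside a header value.
    if not text or any(ord(c) < 0x20 or ord(c) == 0x7F for c in text):
        return None
    return text


def run_samples() -> dict:
    """Decode a set of constructed sample inputs and return the results."""
    samples = {
        "page value": "dXNlcjEyMw==",                      # from the page
        "missing padding": "dXNlcjEyMw",                    # constructed
        "not base64": "user 123!",                          # constructed
        "non-UTF-8 bytes": base64.b64encode(b"\xff\xfe").decode("ascii"),
        "embedded CR/LF": encode_header("user\r\nx: y"),    # constructed
    }
    return {name: decode_header(value) for name, value in samples.items()}


if __name__ == "__main__":
    print(encode_header("user123"))
    for name, result in run_samples().items():
        print(f"{name:16} -> {result!r}")
```

Only the value taken from the page decodes to `user123`; every other sample is rejected before it could be written to a header.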
Cleanup
You can remove the resources that you created in this guide.

```sh
kubectl delete AgentgatewayPolicy transformation -n httpbin
```