From 5079d3e68e081cead835af38ab12ca5d49c4b5ad Mon Sep 17 00:00:00 2001
From: Zef Hemel
Date: Wed, 23 Aug 2023 20:00:40 +0200
Subject: [PATCH] Filter proxied headers
---
 server/http_server.ts | 18 +++++++++++++++++-
 web/service_worker.ts | 6 +++++-
 2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/server/http_server.ts b/server/http_server.ts
index 3cc78ea5..b3230057 100644
--- a/server/http_server.ts
+++ b/server/http_server.ts
@@ -469,9 +469,18 @@ export class HttpServer {
 url = `https://${url}`;
 }
 try {
+ const safeRequestHeaders = new Headers();
+ for (const headerName of ["Authorization", "Accept", "Content-Type"]) {
+ if (request.headers.has(headerName)) {
+ safeRequestHeaders.set(
+ headerName,
+ request.headers.get(headerName)!,
+ );
+ }
+ }
 const req = await fetch(url, {
 method: request.method,
- headers: request.headers,
+ headers: safeRequestHeaders,
 body: request.hasBody
 ? request.body({ type: "stream" }).value
 : undefined,
@@ -521,3 +530,10 @@ function utcDateString(mtime: number): string {
 function authCookieName(host: string) {
 return `auth:${host}`;
 }
+
+function copyHeader(fromHeaders: Headers, toHeaders: Headers, header: string) {
+ const value = fromHeaders.get(header);
+ if (value) {
+ toHeaders.set(header, value);
+ }
+}
diff --git a/web/service_worker.ts b/web/service_worker.ts
index 73f04591..fcd87327 100644
--- a/web/service_worker.ts
+++ b/web/service_worker.ts
@@ -156,7 +156,11 @@ async function handleLocalFileRequest(
 url = `https://${url}`;
 }
 console.info("Proxying federated URL", path, "to", url);
- return fetch(url, { method: "GET", headers: request.headers });
+ return fetch(url, {
+ method: request.method,
+ headers: request.headers,
+ body: request.body,
+ });
 } else {
 console.error(
 "Did not find file in locally synced space",
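Review bot: `Authorization` stays on the allowlist in the new loop in `server/http_server.ts`, so whatever credential the client puts in that header is still forwarded to the host named by `url`; how `url` is built is not visible in this hunk. If the header is meant to authenticate against the remote space, say so above the loop, e.g. `// Authorization is forwarded on purpose: it carries the remote space's credential, never this server's own`. If this server can itself be authenticated through that header, it should come off the list or be forwarded only to destinations the operator has approved. The enclosing method starts and ends outside the hunk.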
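Review bot: `copyHeader` is added at the bottom of `server/http_server.ts`, but nothing in the visible patch calls it; the allowlist loop in the proxy hunk does the same copy inline with `has()` and `get(headerName)!`. Either call it from that loop, `copyHeader(request.headers, safeRequestHeaders, headerName);`, which also removes the non-null assertion, or leave the helper out. If it stays, note that `if (value)` skips a header that is present with an empty value, whereas the inline `has()` check would copy it; `if (value !== null)` keeps the two consistent.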
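Review bot: The rewritten `fetch` call in `web/service_worker.ts` still passes `request.headers` through whole, so on this path the client's headers reach the federated host without the allowlist that the server-side proxy gets in the same patch. Building a filtered `Headers` object here as well would keep the two paths consistent. Forwarding `body: request.body` also hands `fetch` a `ReadableStream`, which the Fetch standard rejects with a `TypeError` unless `duplex: "half"` is set, and streaming request bodies are not supported in every browser. Buffering is the safer form, e.g. `body: request.body ? await request.arrayBuffer() : undefined`. Only part of `handleLocalFileRequest` is visible in the hunk.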