paulononato/backstage
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Fix for proxy-backend plugin when global-agent is enabled

Browse Source
This commit is contained in:
bobalong79
2021-03-01 11:30:44 +00:00
parent d7a5bfd57f
commit 9ce68b677b
2 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.changeset/nervous-dogs-pull.md
+5
View File
@@ -0,0 +1,5 @@
---
'@backstage/plugin-proxy-backend': minor
---
Fix for proxy-backend plugin when global-agent is enabled
plugins/proxy-backend/src/service/router.ts
+8 -10
View File
@@ -85,11 +85,6 @@ export function buildMiddleware(
// Attach the logger to the proxy config
fullConfig.logProvider = () => logger;
// Only permit the allowed HTTP methods if configured
const filter = (_pathname: string, req: http.IncomingMessage): boolean => {
return fullConfig?.allowedMethods?.includes(req.method!) ?? true;
};
// Only return the allowed HTTP headers to not forward unwanted secret headers
const requestHeaderAllowList = new Set<string>(
[
@@ -104,15 +99,18 @@ export function buildMiddleware(
].map(h => h.toLocaleLowerCase()),
);
// only forward the allowed headers in client->backend
fullConfig.onProxyReq = (proxyReq: http.ClientRequest) => {
const headerNames = proxyReq.getHeaderNames();
// Use the custom middleware filter to do two things:
// 1. Remove any headers not in the allow list to stop them being forwarded
// 2. Only permit the allowed HTTP methods if configured
const filter = (_pathname: string, req: http.IncomingMessage): boolean => {
const headerNames = Object.keys(req.headers);
headerNames.forEach(h => {
if (!requestHeaderAllowList.has(h.toLocaleLowerCase())) {
proxyReq.removeHeader(h);
delete req.headers[h];
}
});
return fullConfig?.allowedMethods?.includes(req.method!) ?? true;
};
// Only forward the allowed HTTP headers to not forward unwanted secret headers