From 5597be5fd8b78251853fc8d4a4bd566699bcc830 Mon Sep 17 00:00:00 2001 From: Juraj Uhlar Date: Wed, 19 Mar 2025 16:47:59 +0000 Subject: [PATCH] fix: send other proxy headers even if proxy secret is undefined --- src/utils/addProxyIntegrationHeaders.ts | 5 ++-- test/handlers/ingressAPI.test.ts | 38 +++++++++++++++++++------ 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/src/utils/addProxyIntegrationHeaders.ts b/src/utils/addProxyIntegrationHeaders.ts index 0356ca5..297760d 100644 --- a/src/utils/addProxyIntegrationHeaders.ts +++ b/src/utils/addProxyIntegrationHeaders.ts @@ -5,7 +5,8 @@ export function addProxyIntegrationHeaders(headers: Headers, url: string, env: I const proxySecret = getProxySecret(env) if (proxySecret) { headers.set('FPJS-Proxy-Secret', proxySecret) - headers.set('FPJS-Proxy-Client-IP', getClientIp()) - headers.set('FPJS-Proxy-Forwarded-Host', new URL(url).hostname) } + + headers.set('FPJS-Proxy-Forwarded-Host', new URL(url).hostname) + headers.set('FPJS-Proxy-Client-IP', getClientIp()) } diff --git a/test/handlers/ingressAPI.test.ts b/test/handlers/ingressAPI.test.ts index d38fb9e..51772c1 100644 --- a/test/handlers/ingressAPI.test.ts +++ b/test/handlers/ingressAPI.test.ts @@ -105,26 +105,46 @@ describe('Ingress', () => { expect(cookieValue['_iidt']).toBe('test') }) - it('should not add proxy integration headers if PROXY_SECRET env not set', async () => { - const request = makeRequest(new URL('https://test/result'), { method: 'POST' }) + it('should add all proxy integration headers if PROXY_SECRET is present, preserving existing headers', async () => { + const existingHeaderValue = 'testValue' + const secret = '42' + const secretStore = new SecretStore('Fingerprint') + // @ts-ignore + secretStore.set('PROXY_SECRET', secret) + + const request = makeRequest(new URL('https://test/result'), { + method: 'POST', + headers: { 'X-Test': existingHeaderValue }, + }) await handleRequest(request) - expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(false) - expect(requestHeaders.has('FPJS-Proxy-Client-IP')).toBe(false) - expect(requestHeaders.has('FPJS-Proxy-Forwarded-Host')).toBe(false) + expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(true) + expect(requestHeaders.has('FPJS-Proxy-Client-IP')).toBe(true) + expect(requestHeaders.has('FPJS-Proxy-Forwarded-Host')).toBe(true) + + expect(requestHeaders.get('X-Test')).toBe(existingHeaderValue) + expect(requestHeaders.get('FPJS-Proxy-Secret')).toBe(secret) }) - it('should add proxy integration headers if PROXY_SECRET is present', async () => { + // So Fingerprint server can know the request is coming from a proxy integration, even if the proxy secret is missing + it('should add the other proxy integration headers even if PROXY_SECRET is not set, preserving existing headers', async () => { + const existingHeaderValue = 'testValue' const secretStore = new SecretStore('Fingerprint') // @ts-ignore - secretStore.set('PROXY_SECRET', 'secret') + // Reset the secret to undefined in case a previous test defined it + secretStore.set('PROXY_SECRET', undefined) - const request = makeRequest(new URL('https://test/result'), { method: 'POST' }) + const request = makeRequest(new URL('https://test/result'), { + method: 'POST', + headers: { 'X-Test': existingHeaderValue }, + }) await handleRequest(request) - expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(true) + expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(false) expect(requestHeaders.has('FPJS-Proxy-Client-IP')).toBe(true) expect(requestHeaders.has('FPJS-Proxy-Forwarded-Host')).toBe(true) + + expect(requestHeaders.get('X-Test')).toBe(existingHeaderValue) }) it('should set client ip if request has header Fastly-Client-IP', async () => {