Skip to content

Commit

Permalink
fix: make header comparison case insensitive (#891)
Browse files Browse the repository at this point in the history
  • Loading branch information
@pauldambra
pauldambra authored Nov 14, 2023
1 parent 6b70edb commit bc5ee4a
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 14 deletions.
14 changes: 14 additions & 0 deletions src/__tests__/extensions/replay/config.test.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,20 @@ describe('config', () => {
'content-type': 'edited',
})
})

it('case insensitively removes headers on the deny list', () => {
const networkOptions = buildNetworkRequestOptions(defaultConfig(), {})
const cleaned = networkOptions.maskRequestFn!({
url: 'something',
requestHeaders: {
AuThOrIzAtIoN: 'Bearer 123',
'content-type': 'application/json',
},
})
expect(cleaned?.requestHeaders).toEqual({
'content-type': 'application/json',
})
})
})
})
})
30 changes: 16 additions & 14 deletions src/extensions/replay/config.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,23 +32,25 @@ export const defaultNetworkOptions: NetworkRecordOptions = {
}

const HEADER_DENYLIST = [
'Authorization',
'X-FORWARDED-FOR',
'AUTHORIZATION',
'COOKIE',
'SET-COOKIE',
'X-API-KEY',
'X-REAL-IP',
'REMOTE-ADDR',
'FORWARDED',
'PROXY-AUTHORIZATION',
'X-CSRF-TOKEN',
'X-CSRFTOKEN',
'X-XSRF-TOKEN',
'authorization',
'x-forwarded-for',
'authorization',
'cookie',
'set-cookie',
'x-api-key',
'x-real-ip',
'remote-addr',
'forwarded',
'proxy-authorization',
'x-csrf-token',
'x-csrftoken',
'x-xsrf-token',
]

const removeAuthorizationHeader = (data: NetworkRequest): NetworkRequest => {
HEADER_DENYLIST.forEach((header) => delete data.requestHeaders?.[header])
Object.keys(data.requestHeaders ?? {}).forEach((header) => {
if (HEADER_DENYLIST.includes(header.toLowerCase())) delete data.requestHeaders?.[header]
})
return data
}

Expand Down

0 comments on commit bc5ee4a

Please sign in to comment.