When in Replicas and custom domain scenarios, the request origins will be multiple values. And current server side to validate the origin has a bug correctly deserialize it, so Abuse Protection will always fail and block further requests.
Microsoft.Azure.WebJobs.Extensions.WebPubSub
Update the function.json to set input/output binding required connection from a custom name, for example, MyConnection and put it empty in trigger binding.
Describe the bug
When in Replicas and custom domain scenarios, the request origins will be multiple values. And current server side to validate the origin has a bug correctly deserialize it, so Abuse Protection will always fail and block further requests.
Impacts
Exceptions
Check live trace and find Abuse Protection request returns 400.
Further technical details
Multiple origins in header are not correctly parsed in server SDK where there's a space between multiple values.
See fix: https://github.com/Azure/azure-sdk-for-net/pull/38359
Workaround
Option 1. Disable AbuseProtection.
Microsoft.Azure.WebJobs.Extensions.WebPubSub Update the
function.json
to set input/output binding required connection from a custom name, for example,MyConnection
and put it empty in trigger binding.And also set the value in configuration, for example:
local.settings.json
:Option 2. Update to latest SDK.
a. Remove
extensionBundle
settings inhost.json
. For example, make it simple as below.b. Explicit install required extensions.