AbuseProtection always fails in Replicas and custom domain

[JialinXin]

Describe the bug

When in Replicas and custom domain scenarios, the request origins will be multiple values. And current server side to validate the origin has a bug correctly deserialize it, so Abuse Protection will always fail and block further requests.

Impacts

• Microsoft.Azure.WebJobs.Extensions.WebPubSub(version <=1.6.0)
• Microsoft.Azure.WebPubSub.AspNetCore(version <= 1.1.0)
• Microsoft.Azure.Functions.Worker.Extensions.WebPubSub(verson = 1.5.0-beta.1)

Exceptions

Check live trace and find Abuse Protection request returns 400.

Further technical details

Multiple origins in header are not correctly parsed in server SDK where there's a space between multiple values.

See fix: https://github.com/Azure/azure-sdk-for-net/pull/38359

Workaround

Option 1. Disable AbuseProtection.

• Microsoft.Azure.WebJobs.Extensions.WebPubSub Update the function.json to set input/output binding required connection from a custom name, for example, MyConnection and put it empty in trigger binding.

  {
  "disabled": false,
  "bindings": [
  {
    "type": "webPubSubTrigger",
    "direction": "in",
    "name": "data",
    "dataType": "binary",
    "hub": "sample_funcchat",
    "eventName": "message",
    "eventType": "user",
    "connection": "" //make empty
  },
  {
    "type": "webPubSub",
    "name": "actions",
    "hub": "sample_funcchat",
    "connection": "MyConnection", //make custom name
    "direction": "out"
  }
  ]
  }

  And also set the value in configuration, for example: local.settings.json:

  {
  "IsEncrypted": false,
  "Values": {
  "AzureWebJobsStorage": "<storage-connectionstring>",
  "FUNCTIONS_WORKER_RUNTIME": "node",
  "WebPubSubHub": "<HubName>",
  "MyConnection": "<webpubsub-connectionstring>" //set the connection string with your custom name `MyConnection`
  },
  "Host": {
  "LocalHttpPort": 7071,
  "CORS": "*"
  }
  }

Option 2. Update to latest SDK.

• Microsoft.Azure.WebJobs.Extensions.WebPubSub(version >=1.7.0)

a. Remove extensionBundle settings in host.json. For example, make it simple as below.

{
  "version": "2.0"
}

b. Explicit install required extensions.

> func extensions install --package Microsoft.Azure.WebJobs.Extensions.WebPubSub --version 1.7.0

• Microsoft.Azure.WebPubSub.AspNetCore(version >= 1.2.0)

### Tasks
- [x] Bug fix.
- [x] Release packages. Microsoft.Azure.WebPubSub.AspNetCore [v1.2.0](https://www.nuget.org/packages/Microsoft.Azure.WebPubSub.AspNetCore/1.2.0) Microsoft.Azure.WebJobs.Extensions.WebPubSub [v1.7.0](https://www.nuget.org/packages/Microsoft.Azure.WebJobs.Extensions.WebPubSub/1.7.0) Microsoft.Azure.Functions.Worker.Extensions.WebPubSub [v1.7.0-beta.1](https://www.nuget.org/packages/Microsoft.Azure.Functions.Worker.Extensions.WebPubSub/1.7.0-beta.1)
- [ ] Update package version in Function extension bundle.

[JialinXin]

UPDATE: The issue is mitigated as service now return single request host as it is.