hapijs / crumb

CSRF crumb generation and validation for hapi

Unable to add crumb token to payload with h2o2 proxy #151

Open Ibabalola opened 4 years ago

Ibabalola commented 4 years ago

Support plan

Context

What are you trying to achieve or the steps to reproduce?

The front end is correctly passing the crumb token; the crumb token is stored inside the cookie.

Crumb plugin registry:

    await HapiServer.register({
      plugin: Crumb,
      options: {
        cookieOptions: {
          isSecure: false
        }
      }
    });

The proxy sends the data down as a Stream; in the code below, because the content is of type Stream, the request is forbidden.

if (!content ||
    content instanceof Stream) {

    unauthorizedLogger();
    throw Boom.forbidden();
}

This is my proxy

const setupProxy = (server, serviceUrl, proxyBasePath, useIdToken=false, whitelist=[]) => {
  server.route({
    method: ['POST', 'GET', 'PUT', 'DELETE'],
    path: proxyBasePath + '{service*}',
    options: {
      auth: config.authStrategies()
    },
    handler: {
      proxy: {
        passThrough: true,
        mapUri: async (req) => {
          const query = req.url.search ? req.url.search : '';
          const servicePath = req.params.service;
          const uri = serviceUrl + servicePath + query;
          return { uri, headers };
        }
      }
    }
  });
};

I tried changing the option to payload: 'data', with no luck.

What was the result you got?

500 Internal Server Error

What result did you expect?

200 OK

Hydrock commented 9 months ago

I have the same problem.

jameswragg commented 5 months ago

I thought I'd hit the same issue recently while using Crumb in restful: true mode. Then I realised I wasn't passing the CSRF token header in the request, and all was good.

Here is my proxy route:

server.route({
  method: ['*'],
  path: '/proxy/{path*}',
  handler: {
    proxy: {
      passThrough: true,
      mapUri: (request) => {
        return {
          uri: urlJoin(options.url, request.path, request.url.search),
        };
      },
      async onResponse(err, res, request, h) {
        if (err) {
          return h.response(err);
        }

        const response = h.response(res);

        response.headers = res.headers;
        response.header('X-CSRF-Token', request.plugins.crumb); // add csrf token header for restful crumb usage

        return response;
      },
    },
  },
});

Hope that's of help to someone.

p.s. I noticed @Ibabalola's mapUri was returning an undefined headers, which could have been causing the 500.

kroney commented 1 month ago

You need to set localStatePassThrough: true on the proxy route.