Open grtjn opened 5 years ago
Here a workaround:
+++ b/node-server/proxy.js @@ -57,6 +57,11 @@ function proxy(req, res) { // TODO: filter www-header in response? // (currently prompts without authed middleware) + delete req.headers['x-forwarded-for']; + delete req.headers['x-forwarded-host']; + delete req.headers['x-forwarded-port']; + delete req.headers['x-forwarded-proto']; + delete req.headers['x-forwarded-server']; proxyServer.web(req, res, headers, function(e) { console.log(e); diff --git a/node-server/routes.js b/node-server/routes.js index c468f1b..e90643e 100644 --- a/node-server/routes.js +++ b/node-server/routes.js @@ -56,6 +56,13 @@ router.get('/user/status', function(req, res) { }; delete headers['content-length']; + + // get rid of some headers that throw off ML authentication + delete headers['x-forwarded-for']; + delete headers['x-forwarded-host']; + delete headers['x-forwarded-port']; + delete headers['x-forwarded-proto']; + authHelper.getAuthorization(req.session, reqOptions.method, reqOptions.path, { authHost: reqOptions.hostname || options.mlHost, authPort: reqOptions.port || options.mlHttpPort, diff --git a/node-server/utils/auth-helper.js b/node-server/utils/auth-helper.js index 7ca2184..9d58c19 100644 --- a/node-server/utils/auth-helper.js +++ b/node-server/utils/auth-helper.js @@ -210,6 +210,15 @@ function getAuthorization(session, reqMethod, reqPath, authOptions) { var authorization = null; var d = q.defer(); var mergedOptions = _.extend({}, defaultOptions, authOptions || {}); + + // get rid of some headers that throw off ML authentication + if (mergedOptions.headers) { + delete mergedOptions.headers['x-forwarded-for']; + delete mergedOptions.headers['x-forwarded-host']; + delete mergedOptions.headers['x-forwarded-port']; + delete mergedOptions.headers['x-forwarded-proto']; + }
Here a workaround: