Pass headers to upload endpoint

transloadit / uppy-server

[DEPRECATED] 'Uppy Server' was renamed to 'Companion' and lives inside the Uppy repo no

https://github.com/transloadit/uppy/tree/master/packages/%40uppy/companion

MIT License

114 stars 27 forks source link

Pass headers to upload endpoint #85

Closed damianijr closed 6 years ago

damianijr commented 6 years ago

The purpose of this PR is make uppy-server be able to pass request headers configured in uppy XHR to upload endpoint.

There are a lot of use cases that need of this feature (authorizations, refer, and so on..).

Nowadays, the headers already are sended to providers endpoints but is not passed to upload endpoint.

This discussion was started in uppy project, follow the link: https://github.com/transloadit/uppy/issues/779

goto-bus-stop commented 6 years ago

We should make sure that this can't be used to bypass browser restrictions on headers. There is a list here of headers that can't be set using browser XMLHttpRequest: https://fetch.spec.whatwg.org/#forbidden-header-name

Any of that list + anything starting with Proxy- or Sec- should be removed from the headers object before we use it

damianijr commented 6 years ago

tks @goto-bus-stop, I will implement this header blacklist and push soon.

damianijr commented 6 years ago

@goto-bus-stop @ifedapoolarewaju new PR available. Let mw know about changes or improves. tks

ifedapoolarewaju commented 6 years ago

thank you for the PR