Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: casing now matches what comes in a Netlify function via event.headers #181

Merged
merged 2 commits into from
Aug 10, 2023
Merged

fix: casing now matches what comes in a Netlify function via event.headers #181

merged 2 commits into from
Aug 10, 2023

Conversation

nickytonline
Copy link

@nickytonline nickytonline commented Aug 10, 2023
edited
Loading

TLDR; when I tested this last week, I think something was cached giving the impression that my fix worked. I'm still uncertain how things got cached in a way that led me to think it was fixed on a test site of mine, but here's the rest of the fix.

When we handle headers the casing doesn't matter in other parts of our infrastructure, but it appears that headers get normalized to all lowercase names. Not sure why I didn't catch this (hat tip @hrishikesh-k for suggesting this), but I guess it's been a busy couple of weeks. 😅

To test this, it really requires the Next.js runtime using the version of @netlify/ipx once this gets merged. I've tested it with a release candidate, @netlify/plugin-nextsjs@4.39.4-rc-waf-fix-0.0.0 on my test site https://nick-waf-ipx-test.netlify.app/, Note that you will receive a 404 if you go to the site. You will need to add your IP to the list of allowed IPs. I can configure this if you'd like to test it.

Relates to /~https://github.com/netlify/pod-ecosystem-frameworks/issues/592

@github-actions github-actions bot added the type: bug code to address defects in shipped code label Aug 10, 2023
@nickytonline nickytonline force-pushed the nickytonline/fix-waf-bypass-token-header-casing branch from dfaeffb to 537093c Compare August 10, 2023 15:07
@nickytonline nickytonline self-assigned this Aug 10, 2023
@nickytonline nickytonline marked this pull request as ready for review August 10, 2023 17:53
@nickytonline nickytonline requested a review from a team as a code owner August 10, 2023 17:53
taty2010
taty2010 approved these changes Aug 10, 2023
View reviewed changes
Copy link

@taty2010 taty2010 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@nickytonline nickytonline merged commit 978f4c8 into main Aug 10, 2023
@token-generator-app token-generator-app bot mentioned this pull request Aug 10, 2023
Merged
@hrishikesh-k hrishikesh-k deleted the nickytonline/fix-waf-bypass-token-header-casing branch August 11, 2023 11:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@taty2010 taty2010 taty2010 approved these changes

Assignees

@nickytonline nickytonline

Labels
type: bug code to address defects in shipped code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nickytonline @taty2010