Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

isMiaHeaderInjected proxy headers if set in ADDITIONAL_HEADERS_TO_PROXY env #354

Open
davidebianchi opened this issue Oct 3, 2023 · 4 comments
Open

isMiaHeaderInjected proxy headers if set in ADDITIONAL_HEADERS_TO_PROXY env #354

davidebianchi opened this issue Oct 3, 2023 · 4 comments
Labels
bug Something isn't working

Comments

@davidebianchi
Copy link
Member

Describe the bug
When I set isMiaHeaderInjected option to false, the header to proxy set in ADDITIONAL_HEADERS_TO_PROXY env are proxied if I use the http client in the request object.

Furthermore, if I set the mia headers inside the ADDITIONAL_HEADERS_TO_PROXY list, them are proxied anyhow.

Expected behavior
I expect to not proxy headers if I set this option.
We have 2 possibilities:

  1. isMiaHeaderInjected do not forward proxy if set
  2. add another options, to avoid to proxy all headers and not only the headers flagged as mia-headers

Desktop (please complete the following information):

  • Version: 6.0.0
@davidebianchi davidebianchi added the bug Something isn't working label Oct 3, 2023
@fredmaggiowski
Copy link
Member

I'd add an option that enables headers to proxy and by default will be disabled in the next major; what do you think about this?

@Danielecina
Copy link
Member

Danielecina commented Oct 3, 2023
edited
Loading

I would put an option when we instantiate the httpClient that blocks the forward.
I don't know if I would just do mia-headers. I'd try to think of something that makes it more generic.
Maybe I'd do something that picks specific headers that we want to pass along !?

@davidebianchi
Copy link
Member Author

@fredmaggiowski Why disable the headers to proxy by default? If you use the http client inside the request, you probably want to proxy headers by default. If not, you always can to disable it.

@Danielecina it is possible to pick headers already using the ADDITIONAL_HEADERS_TO_PROXY env var and use the client inside the request. Otherwise, if you instantiate the client directly, you always can add headers as options. I agree to use a more generic name for the option, maybe it could be changed with the future breaking of the lib.

I think that the question here is if there is some value to have two different options to manage differently headers to proxy and specific Mia headers to proxy. What do you think about?

@fredmaggiowski
Copy link
Member

@fredmaggiowski Why disable the headers to proxy by default? If you use the http client inside the request, you probably want to proxy headers by default. If not, you always can to disable it.

Just to make sure that headers are not mistakenly proxied to external services as this may be security concerning

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fredmaggiowski @davidebianchi @Danielecina