whitelist proxied headers when requesting pdfs from clsi

2025-02-17 09:01:53 +00:00 · 2014-12-03 15:09:46 +00:00 · 2014-12-03 15:09:46 +00:00 · a4ddfd5725
commit a4ddfd5725
parent 35b6abe79c
2 changed files with 22 additions and 4 deletions
--- a/services/web/app/coffee/Features/Compile/CompileController.coffee
+++ b/services/web/app/coffee/Features/Compile/CompileController.coffee
@ -78,7 +78,12 @@ module.exports = CompileController =
 			url = "#{compilerUrl}#{url}"
 			logger.log url: url, "proxying to CLSI"
 			oneMinute = 60 * 1000
-			proxy = request(url: url, method: req.method, timeout: oneMinute, headers: req.headers)
+			# pass through If-* and Range headers for byte serving pdfs
+			# do not send any others, potential proxying loop if Host: is passed!
+			newHeaders = {}
+			for h, v of req.headers
+				newHeaders[h] = req.headers[h] if h.match /^(If-|Range)/i
+			proxy = request(url: url, method: req.method, timeout: oneMinute, headers: newHeaders)
 			proxy.pipe(res)
 			proxy.on "error", (error) ->
 				logger.warn err: error, url: url, "CLSI proxy error"
--- a/services/web/test/UnitTests/coffee/Compile/CompileControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Compile/CompileControllerTests.coffee
@ -137,7 +137,12 @@ describe "CompileController", ->
 				statusCode: 204
 				headers: { "mock": "header" }
 			@req.method = "mock-method"
-			@req.headers = { 'Mock': 'Headers' }
+			@req.headers = {
+				'Mock': 'Headers',
+				'Range': 'should be passed - Range'
+				'If-Range': 'should be passed - If-Range'
+				'If-Modified-Since': 'should be passed - If-Modified-Since'
+			}

 		describe "user with standard priority", ->

@ -152,7 +157,11 @@ describe "CompileController", ->
 						method: @req.method
 						url: "#{@settings.apis.clsi.url}#{@url}",
 						timeout: 60 * 1000
-						headers: @req.headers
+						headers: {
+							'Range': 'should be passed - Range'
+							'If-Range': 'should be passed - If-Range'
+							'If-Modified-Since': 'should be passed - If-Modified-Since'
+						}
 					)
 					.should.equal true

@ -176,7 +185,11 @@ describe "CompileController", ->
 						method: @req.method
 						url: "#{@settings.apis.clsi_priority.url}#{@url}",
 						timeout: 60 * 1000
-						headers: @req.headers
+						headers: {
+							'Range': 'should be passed - Range'
+							'If-Range': 'should be passed - If-Range'
+							'If-Modified-Since': 'should be passed - If-Modified-Since'
+						}
 					)
 					.should.equal true