From a4ddfd57255e4a854f0422bead5540efad13fd76 Mon Sep 17 00:00:00 2001
From: Brian Gough
Date: Wed, 3 Dec 2014 15:09:46 +0000
Subject: [PATCH] whitelist proxied headers when requesting pdfs from clsi
---
 .../Features/Compile/CompileController.coffee | 7 ++++++-
 .../Compile/CompileControllerTests.coffee | 19 ++++++++++++++++---
 2 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/services/web/app/coffee/Features/Compile/CompileController.coffee b/services/web/app/coffee/Features/Compile/CompileController.coffee
index fc02d2a26c..64aaf43e95 100755
--- a/services/web/app/coffee/Features/Compile/CompileController.coffee
+++ b/services/web/app/coffee/Features/Compile/CompileController.coffee
@@ -78,7 +78,12 @@ module.exports = CompileController =
 url = "#{compilerUrl}#{url}"
 logger.log url: url, "proxying to CLSI"
 oneMinute = 60 * 1000
- proxy = request(url: url, method: req.method, timeout: oneMinute, headers: req.headers)
+ # pass through If-* and Range headers for byte serving pdfs
+ # do not send any others, potential proxying loop if Host: is passed!
+ newHeaders = {}
+ for h, v of req.headers
+ newHeaders[h] = req.headers[h] if h.match /^(If-|Range)/i
+ proxy = request(url: url, method: req.method, timeout: oneMinute, headers: newHeaders)
 proxy.pipe(res)
 proxy.on "error", (error) ->
 logger.warn err: error, url: url, "CLSI proxy error"
diff --git a/services/web/test/UnitTests/coffee/Compile/CompileControllerTests.coffee b/services/web/test/UnitTests/coffee/Compile/CompileControllerTests.coffee
index efd207a7ce..4c40e9d483 100644
--- a/services/web/test/UnitTests/coffee/Compile/CompileControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Compile/CompileControllerTests.coffee
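Review bot: The filter `h.match /^(If-|Range)/i` in the added loop of CompileController.coffee is a prefix test, so any client-chosen header whose name merely begins with `If-` or `Range` is still forwarded to CLSI. An exact allowlist is tighter and easier to audit, for example `newHeaders[h] = v if h.toLowerCase() in ['range', 'if-range', 'if-match', 'if-none-match', 'if-modified-since', 'if-unmodified-since']`. That form also uses the loop value `v`, which the current line declares but never reads. The enclosing function starts and ends outside the hunk.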
@@ -137,7 +137,12 @@ describe "CompileController", ->
 statusCode: 204
 headers: { "mock": "header" }
 @req.method = "mock-method"
- @req.headers = { 'Mock': 'Headers' }
+ @req.headers = {
+ 'Mock': 'Headers',
+ 'Range': 'should be passed - Range'
+ 'If-Range': 'should be passed - If-Range'
+ 'If-Modified-Since': 'should be passed - If-Modified-Since'
+ }
 describe "user with standard priority", ->
@@ -152,7 +157,11 @@ describe "CompileController", ->
 method: @req.method
 url: "#{@settings.apis.clsi.url}#{@url}",
 timeout: 60 * 1000
- headers: @req.headers
+ headers: {
+ 'Range': 'should be passed - Range'
+ 'If-Range': 'should be passed - If-Range'
+ 'If-Modified-Since': 'should be passed - If-Modified-Since'
+ }
 )
 .should.equal true
@@ -176,7 +185,11 @@ describe "CompileController", ->
 method: @req.method
 url: "#{@settings.apis.clsi_priority.url}#{@url}",
 timeout: 60 * 1000
- headers: @req.headers
+ headers: {
+ 'Range': 'should be passed - Range'
+ 'If-Range': 'should be passed - If-Range'
+ 'If-Modified-Since': 'should be passed - If-Modified-Since'
+ }
 )
 .should.equal true
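Review bot: The fixture in the first test hunk only proves that an arbitrary `Mock` header is dropped; it never includes `Host`, the header the controller comment names as the cause of a proxying loop. Adding `'Host': 'should not be passed - Host'` to `@req.headers` would pin that behaviour without touching the expected `headers:` objects in the two later hunks. A near-miss name such as `'Range-Extra': 'should not be passed'` would also document whether the prefix match in the controller is intended. All three hunks sit inside `describe` blocks that begin and end outside the visible lines.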