ignore content-type header in auth webhook (#2197)

2026-05-25 10:23:36 +08:00 · 2019-05-16 09:11:16 +00:00
parent 3ef1219fa0
commit 81bdfafd69
4 changed files with 12 additions and 11 deletions
--- a/docs/graphql/manual/auth/webhook.rst
+++ b/docs/graphql/manual/auth/webhook.rst
@@ -39,6 +39,7 @@ GET request
 If you configure your webhook to use ``GET``, then Hasura **will forward all client headers except**:

 - ``Content-Length``
+- ``Content-Type``
 - ``Content-MD5``
 - ``User-Agent``
 - ``Host``
--- a/server/src-lib/Hasura/GraphQL/Execute.hs
+++ b/server/src-lib/Hasura/GraphQL/Execute.hs
@@ -41,7 +41,7 @@ import           Hasura.HTTP
 import           Hasura.Prelude
 import           Hasura.RQL.DDL.Headers
 import           Hasura.RQL.Types
-import           Hasura.Server.Utils                    (bsToTxt)
+import           Hasura.Server.Utils                    (bsToTxt, commonClientHeadersIgnored)

 import qualified Hasura.GraphQL.Execute.LiveQuery       as EL
 import qualified Hasura.GraphQL.Execute.Plan            as EP
@@ -362,11 +362,7 @@ execRemoteGQ manager userInfo reqHdrs q rsi opDef = do
    userInfoToHdrs = map (\(k, v) -> (CI.mk $ CS.cs k, CS.cs v)) $
                     userInfoToList userInfo
    filteredHeaders = filterUserVars $ flip filter reqHdrs $ \(n, _) ->
-      n `notElem` [ "Content-Length", "Content-MD5", "User-Agent", "Host"
-                  , "Origin", "Referer" , "Accept", "Accept-Encoding"
-                  , "Accept-Language", "Accept-Datetime"
-                  , "Cache-Control", "Connection", "DNT", "Content-Type"
-                  ]
+      n `notElem` commonClientHeadersIgnored

    filterUserVars hdrs =
      let txHdrs = map (\(n, v) -> (bsToTxt $ CI.original n, bsToTxt v)) hdrs
--- a/server/src-lib/Hasura/Server/Auth.hs
+++ b/server/src-lib/Hasura/Server/Auth.hs
@@ -214,11 +214,7 @@ userInfoFromAuthHook logger manager hook reqHeaders = do
      throw500 "Internal Server Error"

    filteredHeaders = flip filter reqHeaders $ \(n, _) ->
-      n `notElem` [ "Content-Length", "Content-MD5", "User-Agent", "Host"
-                  , "Origin", "Referer" , "Accept", "Accept-Encoding"
-                  , "Accept-Language", "Accept-Datetime"
-                  , "Cache-Control", "Connection", "DNT"
-                  ]
+      n `notElem` commonClientHeadersIgnored

 getUserInfo
  :: (MonadIO m, MonadError QErr m)
--- a/server/src-lib/Hasura/Server/Utils.hs
+++ b/server/src-lib/Hasura/Server/Utils.hs
@@ -49,6 +49,14 @@ userIdHeader = "x-hasura-user-id"
 bsToTxt :: B.ByteString -> T.Text
 bsToTxt = TE.decodeUtf8With TE.lenientDecode

+commonClientHeadersIgnored :: (IsString a) => [a]
+commonClientHeadersIgnored =
+  [ "Content-Length", "Content-MD5", "User-Agent", "Host"
+  , "Origin", "Referer" , "Accept", "Accept-Encoding"
+  , "Accept-Language", "Accept-Datetime"
+  , "Cache-Control", "Connection", "DNT", "Content-Type"
+  ]
+
 txtToBs :: T.Text -> B.ByteString
 txtToBs = TE.encodeUtf8