Functions proxy response header "X-Powered-By" doesn't get overwritten and is duplicated instead #3204

Closed
shahiddev opened this Issue Jul 29, 2018 · 4 comments

shahiddev commented Jul 29, 2018

I'm using a functions proxy to add headers to the response. In particular I'm overwriting some of the existing headers to redact them and add some other headers. This works fine for all the headers except X-Powered-By.
This header seems to duplicate, with my functions proxy header being added to the headers but the one I'm trying to overwrite still being present.

Investigative information

Please provide the following:

  • Timestamp: n/a
  • Function App version (1.0 or 2.0-beta): 2.0-beta
  • Function App name: hfcwebsite (consumption)
  • Function name(s) (as appropriate): proxy: index
  • Invocation ID: n/a
  • Region: West Europe

Repro steps

Provide the steps required to reproduce the problem:

  1. Create a v2 FunctionApp and add a proxy for route / to a static html page in storage.
  2. In the proxy responses add response headers for X-Powered-By : redacted
  3. Add header for Server: redacted

Expected behavior

Provide a description of the expected behavior.
The response headers should read
X-Powered-By : redacted
Server: redacted

Actual behavior

Provide a description of the actual behavior observed.
The Server header is shown as redacted but the X-Powered-By is duplicated, one is shown as redacted and the other one showing ASP.NET

Known workarounds

Provide a description of any known workarounds.

None

Related information

Provide any related information

  • Programming language used
  • Links to source
  • Bindings used
```json
{
    "$schema": "http://json.schemastore.org/proxies",
    "proxies": {
        "index": {
            "matchCondition": {
                "route": "/",
                "methods": [
                    "GET",
                    "HEAD",
                    "OPTIONS",
                    "TRACE"
                ]
            },
            "backendUri": "https://<redacted>.blob.core.windows.net/website/Index.html",
            "responseOverrides": {
                "response.headers.strict-transport-security": "max-age=31536000; includeSubDomains",
                "response.headers.X-Powered-By": "redacted",
                "response.headers.X-Content-Type-Options": "nosniff",
                "response.headers.X-XSS-Protection": "1; mode=block",
                "response.headers.x-ms-blob-type": "redacted",
                "response.headers.x-ms-lease-state": "redacted",
                "response.headers.x-ms-lease-status": "redacted",
                "response.headers.Server": "redacted",
                "response.headers.x-frame-options": "SAMEORIGIN",
                "response.headers.Content-Security-Policy": "script-src 'self'",
                "response.headers.Upgrade-Insecure-Requests": "1",
                "response.headers.Referrer-Policy": "same-origin",
                "response.headers.Feature-Policy": "payment 'self'; geolocation 'self'"
            }
        }
    }
}
```
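
One way to check that every `responseOverrides` header actually took effect, including the duplicated-header case reported above. This is an added example, not part of the original issue or the Azure Functions code base; the function names are hypothetical, and the trimmed proxies.json and the response text (including the order of the two `X-Powered-By` lines) are constructed samples.

```python
import json
from collections import defaultdict

PREFIX = "response.headers."
# Constructed sample: trimmed proxies.json in the shape shown in the issue.
PROXIES_JSON = """{"proxies": {"index": {"responseOverrides": {
    "response.headers.X-Powered-By": "redacted",
    "response.headers.Server": "redacted",
    "response.headers.X-Content-Type-Options": "nosniff"}}}}"""
# Constructed response reproducing the report; header order is an assumption.
RAW_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Server: redacted
X-Powered-By: ASP.NET
X-Powered-By: redacted
X-Content-Type-Options: nosniff
"""

def expected_headers(proxies_json, proxy_name):
    """Lower-cased header name -> value from a proxy's responseOverrides."""
    overrides = json.loads(proxies_json)["proxies"][proxy_name].get("responseOverrides", {})
    return {k[len(PREFIX):].lower(): v for k, v in overrides.items() if k.startswith(PREFIX)}

def parse_header_block(raw):
    """Keep every occurrence of each header; a plain dict would keep only the last."""
    seen = defaultdict(list)
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            seen[name.strip().lower()].append(value.strip())
    return dict(seen)

def audit(expected, seen):
    """Return (header, problem, values) for each override that did not fully apply."""
    findings = []
    for name, want in sorted(expected.items()):
        values = seen.get(name, [])
        stale = [v for v in values if v != want]
        if not values:
            findings.append((name, "missing", []))
        elif stale:
            findings.append((name, "not-overridden", stale))
        elif len(values) > 1:
            findings.append((name, "duplicate", values))
    return findings

if __name__ == "__main__":
    print(audit(expected_headers(PROXIES_JSON, "index"), parse_header_block(RAW_RESPONSE)))
```

A checker that stores headers in a last-value-wins map would see only `redacted` for this sample and pass, which is why the parser keeps a list per header name.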
Contributor

safihamid commented Jul 30, 2018

This is being added by asp.net, as Proxy code, which itself is hosted on Function runtime code, is running on aspnet. What is the issue if you get duplicates?

Author

shahiddev commented Jul 30, 2018

Duplicate is not an issue per se, but I want to redact the value of the header in the same way the others are being.

Contributor

mathewc commented Jan 16, 2019

Related to #2355

Member

fabiocav commented Mar 20, 2019

This should be resolved with the release that is currently rolling out (2.0.12353), which should be fully deployed by the end of the week.

@fabiocav fabiocav closed this Mar 20, 2019
