AzureFunctions Proxy x-ms-privatelink-id causing invalid header value check

[johnnliu]

When function is routed through Azure Functions Proxy, a x-ms-privatelink-id header value is added.

This header value has invalid characters

"x-ms-privatelink-id":"\n\nrequest-id\u00123|50e85f514b894e43945890308a5081ab.029e71f938874c4d."

Which fails "fetch-node" 's Headers validation check.

Investigative information

Please provide the following:

• Timestamp:
• Function App version:
• Function App name:
• Function name(s) (as appropriate):
• Invocation ID:
• Region:

Repro steps

Provide the steps required to reproduce the problem:

import { AzureFunction, Context, HttpRequest } from "@azure/functions"
import { Headers } from "node-fetch"

const httpTrigger: AzureFunction = async function (context: Context, req: HttpRequest): Promise<void> {
    context.log('HTTP trigger function processed a request.');

    context.log( JSON.stringify(req.headers) );

    let h = new Headers(req.headers);

    context.log( JSON.stringify(h) );

    const name = (req.query.name || (req.body && req.body.name));
    const responseMessage = name
        ? "Hello, " + name + ". This HTTP triggered function executed successfully."
        : "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response.";

    context.res = {
        // status: 200, /* Defaults to 200 */
        body: responseMessage
    };
};

export default httpTrigger;

Expected behavior

Provide a description of the expected behavior.

When function is called directly - no issues.
When function is called through an AzureFunctions proxy - no issues.

Actual behavior

Provide a description of the actual behavior observed.

When function is called through an AzureFunctions proxy - fails with

2020-05-07T08:25:32.807 [Information] {"accept":"/","accept-encoding":"gzip","cache-control":"no-cache","connection":"Keep-Alive","content-length":"0",
...
,"x-ms-privatelink-id":"\n\nrequest-id\u00123|50e85f514b894e43945890308a5081ab.029e71f938874c4d.","traceparent":"00-50e85f514b894e43945890308a5081ab-029e71f938874c4d-00","x-arr-ssl":"2048|256|C=US, S=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5|CN=*.azurewebsites.net","x-appservice-proto":"https"}
2020-05-07T08:25:33.293 [Error] Executed 'Functions.testRedirect' (Failed, Id=a704c0e8-ad73-4878-89ac-df4e67de962d)
Result: Failure
Exception: TypeError:

request-id�3|50e85f514b894e43945890308a5081ab.029e71f938874c4d. is not a legal HTTP header value
Stack: TypeError:

request-id�3|50e85f514b894e43945890308a5081ab.029e71f938874c4d. is not a legal HTTP header value
at validateValue (D:\home\site\wwwroot\node_modules\node-fetch\lib\index.js:677:9)
at Headers.append (D:\home\site\wwwroot\node_modules\node-fetch\lib\index.js:829:3)
at new Headers (D:\home\site\wwwroot\node_modules\node-fetch\lib\index.js:754:11)
at Object. (D:\home\site\wwwroot\dist\testRedirect\index.js:17:17)
at Generator.next ()
at D:\home\site\wwwroot\dist\testRedirect\index.js:8:71
at new Promise ()
at __awaiter (D:\home\site\wwwroot\dist\testRedirect\index.js:4:12)
at Object.httpTrigger [as default] (D:\home\site\wwwroot\dist\testRedirect\index.js:14:12)
at D:\Program Files (x86)\SiteExtensions\Functions\2.0.13351\workers\node\worker-bundle.js:18808:26

Known workarounds

Provide a description of any known workarounds.

Don't use Node-Fetch? But this is a depedency of ApolloServer for AzureFunctions that I can't remove.

Related information

Provide any related information

This appears to be a most recent bug that started happening on 2020-05-06

Tried to remove x-ms-privatelink-id in AzureFunctions Proxy config, but it comes back regardless.

[niklas-e]

I started to have similar issues with my Azure Function App on 2020-05-06. I don't have a proxy or any custom networking configurations. I started to get "POST missing body" (from ApolloServer) in my app. I added some logging and noticed that for some reason x-ms-privatelink-id is eating the body pretty often.

I also tried to send test requests via Azure Portal. I set the request body to an JSON object { "someProperty" : "this is really buggy" } and this is what I get in my headers: "x-ms-privatelink-id":"\\n+{ \\"someProperty\\" : \\"this is really buggy\\" }" ... and the actual request body is empty.

My app is basically broken, because this happens to the most of the requests.

[johnnliu]

My current workaround in the function handler

previous

export default server.createHandler();

workaround

const graphqlHandler = server.createHandler();

export default (context: Context, req: HttpRequest) => {

    // https://github.com/Azure/azure-functions-host/issues/6013
    req.headers['x-ms-privatelink-id'] = '';

    return graphqlHandler(context, req);
}

[lworkman]

Any word on when this will be fixed? I have a number of production functions that I'm now worried are going to break out of the blue.

[Chaosed0]

I'm also seeing these symptoms in my functionapp, but my setup is different. I'm logging all headers for debugging purposes and it appears that something is always getting eaten by the x-ms-privatelink-id header. Most of the time it appears to be a header value:

x-ms-privatelink-id: �x-original-url�N/api/submitscore?code=9ahPno8YlBBeMUxE41Sq1lFyNlA8muAdzwUPHm4qI5wdsVJOKuJQ8w==

But sometimes, it eats the body, which results in a fatal error in my application since the body then is returned as null in the request object. The x-ms-privatelink-id header looks like this when that happens:

x-ms-privatelink-id: �9{"score":0,"env":"Demo","gameMode":"Demo","version":"1"}

Does anyone know a workaround? This appears to only be occurring in production. Tried both v2 and v3 runtimes.