Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Strip sensitive cookies from proxied requests #5611

Merged
merged 4 commits into from Apr 4, 2022
Merged

fix: Strip sensitive cookies from proxied requests #5611

merged 4 commits into from Apr 4, 2022

Conversation

nwalters512
Copy link
Contributor

Tested with the following diff to workspaces/xtermjs/src/server.js:

-app.get('/', (req, res) => res.sendFile(path.join(__dirname, 'index.html')));
+app.get('/', (req, res) => {
+  res.header('X-PL-Cookies', JSON.stringify(req.headers));
+  res.sendFile(path.join(__dirname, 'index.html'));
+});

Before this change, the X-PL-Cookies header on the response included our sensitive auth cookies. After this change, it no longer does!

@nwalters512 nwalters512 self-assigned this Apr 4, 2022
@nwalters512 nwalters512 merged commit 8ceb35d into master Apr 4, 2022
@nwalters512 nwalters512 deleted the fix/workspace-proxy-strip-cookies branch April 4, 2022 23:28
nwalters512 added a commit that referenced this pull request Apr 11, 2022
@nwalters512
fix: Strip sensitive cookies from proxied requests (#5611)
741f6d4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mwest1066 mwest1066 mwest1066 approved these changes

Assignees

@nwalters512 nwalters512

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@nwalters512 @mwest1066