fix: agent download request headers

fingerprintjs · Apr 29, 2024 · b2dcb89 · b2dcb89
1 parent e9ee3c4
commit b2dcb89
Show file tree

Hide file tree

Showing 4 changed files with 103 additions and 4 deletions.
diff --git a/proxy/app.ts b/proxy/app.ts
@@ -70,7 +70,7 @@ async function handleDownloadScript(
     version: getVersion(request),
     loaderVersion: getLoaderVersion(request),
     method: request.method,
-    headers: filterRequestHeaders(request),
+    headers: filterRequestHeaders(request, true),
   })
 }
 

diff --git a/proxy/test/handlers/handleAgentDownloading.test.ts b/proxy/test/handlers/handleAgentDownloading.test.ts
@@ -240,7 +240,7 @@ describe('Download agent endpoint', () => {
     })
   })
 
-  test('Req body and headers are the same, expect cookies, which should include only _iidt cookie', async () => {
+  test('Req body and headers are the same, except cookies, which should be dropped', async () => {
     const request = mockRequest('/behavior/greiodsfkljlds')
 
     Object.assign(request.headers, {
@@ -293,7 +293,6 @@ describe('Download agent endpoint', () => {
     expect(body).toEqual(agentScript)
 
     expect(options.headers).toEqual({
-      cookie: '_iidt=GlMQaHMfzYvomxCuA7Uymy7ArmjH04jPkT+enN7j/Xk8tJG+UYcQV+Qw60Ry4huw9bmDoO/smyjQp5vLCuSf8t4Jow==',
       'cache-control': 'no-cache',
       'accept-language': 'en-US',
       'user-agent': 'Mozilla/5.0',

diff --git a/proxy/test/utils/headers.test.ts b/proxy/test/utils/headers.test.ts
@@ -338,6 +338,100 @@ describe('filterRequestHeaders', () => {
   })
 })
 
+describe('filterRequestHeaders dropCookies', () => {
+  test('test filterRequestHeaders dropCookies', () => {
+    const req: CloudFrontRequest = {
+      clientIp: '1.1.1.1',
+      method: 'GET',
+      uri: 'fpjs/agent',
+      querystring: 'apiKey=ujKG34hUYKLJKJ1F&version=3&loaderVersion=3.6.2',
+      headers: {
+        'content-type': [
+          {
+            key: 'content-type',
+            value: 'application/json',
+          },
+        ],
+        'content-length': [
+          {
+            key: 'content-length',
+            value: '24354',
+          },
+        ],
+        host: [
+          {
+            key: 'host',
+            value: 'foo.bar',
+          },
+        ],
+        'transfer-encoding': [
+          {
+            key: 'transfer-encoding',
+            value: 'br',
+          },
+        ],
+        via: [
+          {
+            key: 'via',
+            value: 'cloudfront.net',
+          },
+        ],
+        cookie: [
+          {
+            key: 'cookie',
+            value: '_iidt=7A03Gwg; _vid_t=gEFRuIQlzYmv692/UL4GLA==',
+          },
+        ],
+        'x-amzn-cf-id': [
+          {
+            key: 'x-amzn-cf-id',
+            value: 'some value',
+          },
+        ],
+        'x-amz-cf-id': [
+          {
+            key: 'x-amz-cf-id',
+            value: 'some value',
+          },
+        ],
+        'x-amz-cf-yyy': [
+          {
+            key: 'x-amz-cf-yyy',
+            value: 'some value',
+          },
+        ],
+        'x-amzn-cf-zzz': [
+          {
+            key: 'x-amzn-cf-zzz',
+            value: 'some-value',
+          },
+        ],
+        'x-custom-header': [
+          {
+            key: 'x-custom-header',
+            value: 'value123899',
+          },
+        ],
+        'x-edge-qqq': [
+          {
+            key: 'x-edge-qqq',
+            value: 'some value',
+          },
+        ],
+        'strict-transport-security': [
+          {
+            key: 'strict-transport-security',
+            value: 'max-age=600',
+          },
+        ],
+      },
+    }
+    const headers = filterRequestHeaders(req, true)
+
+    expect(headers.cookie).toBeFalsy()
+  })
+})
+
 describe('updateResponseHeaders', () => {
   test('test', () => {
     const headers: IncomingHttpHeaders = {

diff --git a/proxy/utils/headers.ts b/proxy/utils/headers.ts
@@ -69,9 +69,15 @@ export async function prepareHeadersForIngressAPI(
 
 export const getHost = (request: CloudFrontRequest) => request.headers['host'][0].value
 
-export function filterRequestHeaders(request: CloudFrontRequest): OutgoingHttpHeaders {
+export function filterRequestHeaders(request: CloudFrontRequest, dropCookies = false): OutgoingHttpHeaders {
   return Object.entries(request.headers).reduce((result: { [key: string]: string }, [name, value]) => {
     const headerName = name.toLowerCase()
+    if (dropCookies) {
+      if (headerName === 'cookie') {
+        return result
+      }
+    }
+
     // Lambda@Edge function can't add read-only headers from a client request to Ingress API request
     if (isHeaderAllowedForRequest(headerName)) {
       let headerValue = value[0].value