grpc
/
grpc-node
mirror of https://github.com/grpc/grpc-node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1275 from murgatroid99/grpc-js_auth_header_defense 

grpc-js: Detect and error on multiple auth headers
This commit is contained in:
Michael Lumish 2020-02-24 12:38:48 -08:00 committed by GitHub
parent 1fc9825523 03b70172e0
commit 086fb3d6a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
packages/grpc-js/src/call-credentials-filter.ts
View File

@ -20,6 +20,7 @@ import { Call } from './call-stream';
import { Channel } from './channel';
import { BaseFilter, Filter, FilterFactory } from './filter';
import { Metadata } from './metadata';
import { Status } from './constants';
export class CallCredentialsFilter extends BaseFilter implements Filter {
private serviceUrl: string;
@ -50,6 +51,12 @@ export class CallCredentialsFilter extends BaseFilter implements Filter {
});
const resultMetadata = await metadata;
resultMetadata.merge(await credsMetadata);
if (resultMetadata.get('authorization').length > 1) {
this.stream.cancelWithStatus(
Status.INTERNAL,
'"authorization" metadata cannot have multiple values'
);
}
return resultMetadata;
}
}