From 6cdead98509e3b933f87c9bb12c1ae7102035a56 Mon Sep 17 00:00:00 2001
From: Anon Ray
Date: Thu, 16 May 2019 12:50:59 +0530
Subject: [PATCH 1/2] ignore content-type header in auth webhook
---
 server/src-lib/Hasura/GraphQL/Execute.hs | 8 ++------
 server/src-lib/Hasura/Server/Auth.hs | 6 +-----
 server/src-lib/Hasura/Server/Utils.hs | 8 ++++++++
 3 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/server/src-lib/Hasura/GraphQL/Execute.hs b/server/src-lib/Hasura/GraphQL/Execute.hs
index e3a508bbfc8c9..ee40a44d5c003 100644
--- a/server/src-lib/Hasura/GraphQL/Execute.hs
+++ b/server/src-lib/Hasura/GraphQL/Execute.hs
@@ -41,7 +41,7 @@ import Hasura.HTTP
 import Hasura.Prelude
 import Hasura.RQL.DDL.Headers
 import Hasura.RQL.Types
-import Hasura.Server.Utils (bsToTxt)
+import Hasura.Server.Utils (bsToTxt, commonClientHeadersIgnored)
 import qualified Hasura.GraphQL.Execute.LiveQuery as EL
 import qualified Hasura.GraphQL.Execute.Plan as EP
@@ -362,11 +362,7 @@ execRemoteGQ manager userInfo reqHdrs q rsi opDef = do
 userInfoToHdrs = map (\(k, v) -> (CI.mk $ CS.cs k, CS.cs v)) $ userInfoToList userInfo
 filteredHeaders = filterUserVars $ flip filter reqHdrs $ \(n, _) ->
- n `notElem` [ "Content-Length", "Content-MD5", "User-Agent", "Host"
- , "Origin", "Referer" , "Accept", "Accept-Encoding"
- , "Accept-Language", "Accept-Datetime"
- , "Cache-Control", "Connection", "DNT", "Content-Type"
- ]
+ n `notElem` commonClientHeadersIgnored
 filterUserVars hdrs = let txHdrs = map (\(n, v) -> (bsToTxt $ CI.original n, bsToTxt v)) hdrs
diff --git a/server/src-lib/Hasura/Server/Auth.hs b/server/src-lib/Hasura/Server/Auth.hs
index edd1b0db41b0b..9573d3a98a641 100644
--- a/server/src-lib/Hasura/Server/Auth.hs
+++ b/server/src-lib/Hasura/Server/Auth.hs
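Review bot: The `filteredHeaders` filter in `execRemoteGQ` now takes its deny-list from `commonClientHeadersIgnored`, the same list the auth-webhook filter in `Hasura/Server/Auth.hs` uses, so a later edit made with only the webhook in mind also changes which client headers this path passes on. Judging by the function names, the two paths hand client headers to different parties, and because this is a deny-list every header not named in it is forwarded. A call-site comment would make the coupling visible, for example `-- list is shared with the auth webhook filter; edits change what both paths forward`. The body of `execRemoteGQ` starts and ends outside this hunk.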
@@ -214,11 +214,7 @@ userInfoFromAuthHook logger manager hook reqHeaders = do
 throw500 "Internal Server Error"
 filteredHeaders = flip filter reqHeaders $ \(n, _) ->
- n `notElem` [ "Content-Length", "Content-MD5", "User-Agent", "Host"
- , "Origin", "Referer" , "Accept", "Accept-Encoding"
- , "Accept-Language", "Accept-Datetime"
- , "Cache-Control", "Connection", "DNT"
- ]
+ n `notElem` commonClientHeadersIgnored
 getUserInfo :: (MonadIO m, MonadError QErr m)
diff --git a/server/src-lib/Hasura/Server/Utils.hs b/server/src-lib/Hasura/Server/Utils.hs
index 46e0d94d99c03..67132251cc2a7 100644
--- a/server/src-lib/Hasura/Server/Utils.hs
+++ b/server/src-lib/Hasura/Server/Utils.hs
@@ -40,6 +40,14 @@ userIdHeader = "x-hasura-user-id"
 bsToTxt :: B.ByteString -> T.Text
 bsToTxt = TE.decodeUtf8With TE.lenientDecode
+commonClientHeadersIgnored :: (IsString a) => [a]
+commonClientHeadersIgnored =
+ [ "Content-Length", "Content-MD5", "User-Agent", "Host"
+ , "Origin", "Referer" , "Accept", "Accept-Encoding"
+ , "Accept-Language", "Accept-Datetime"
+ , "Cache-Control", "Connection", "DNT", "Content-Type"
+ ]
+
 -- Parsing postgres database url
 -- from: https://github.com/futurice/postgresql-simple-url/
 parseDatabaseUrl :: String -> Maybe String -> Maybe Q.ConnInfo
From e67d3c3bb1abfda3e11e21c8cc0a0bfc3bc6a39e Mon Sep 17 00:00:00 2001
From: Anon Ray
Date: Thu, 16 May 2019 13:59:47 +0530
Subject: [PATCH 2/2] update relevant docs
---
 docs/graphql/manual/auth/webhook.rst | 1 +
 1 file changed, 1 insertion(+)
diff --git a/docs/graphql/manual/auth/webhook.rst b/docs/graphql/manual/auth/webhook.rst
index 23a8f2f0d35bf..cbe76439fe6ac 100644
--- a/docs/graphql/manual/auth/webhook.rst
+++ b/docs/graphql/manual/auth/webhook.rst
@@ -39,6 +39,7 @@ GET request
 If you configure your webhook to use ``GET``, then Hasura **will forward all client headers except**:
 - ``Content-Length``
+- ``Content-Type``
 - ``Content-MD5``
 - ``User-Agent``
 - ``Host``
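Review bot: With `Content-Length` and now `Content-Type` stripped in `filteredHeaders`, `Transfer-Encoding` is the one body-describing header the shared list still lets through to the auth hook. If this path issues a body-less request (the docs change in this series describes the `GET` mode), a client-sent `Transfer-Encoding: chunked` would announce a body that is never written, which servers and intermediaries in front of the webhook may handle inconsistently. Consider adding `"Transfer-Encoding"` to `commonClientHeadersIgnored`, plus a test asserting that a client `Content-Type` no longer reaches the hook. `userInfoFromAuthHook` starts and ends outside this hunk, so how `filteredHeaders` is attached to the outgoing request is not visible here.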
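Review bot: `commonClientHeadersIgnored` is typed `(IsString a) => [a]`, so whether the `notElem` checks at the call sites are case-insensitive depends entirely on the element type each caller happens to infer. In `Execute.hs` the neighbouring `CI.original n` shows a case-insensitive name, but the type of `reqHeaders` in `Auth.hs` is not visible in its hunk, and nothing stops a future caller from instantiating the list at `Text` or `ByteString`, where a lower-cased `content-type` would not match and would be forwarded. Pinning the element type to the case-insensitive header-name type the callers use (for example `[CI.CI B.ByteString]`, assuming `CI` is importable in this module) removes that dependency. The definition also has no documentation; a Haddock line such as `-- | Client headers that are never forwarded to the auth webhook or to remote schemas.` would record that both paths rely on it.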