
fixed the middleware bypass risk

Open chauhan-varun opened this issue 7 months ago • 0 comments

PR Fixes:

  • Middleware Authentication Bypass

Resolves #1831

Fix Implementation

  1. Middleware Layer (/src/middleware.ts):

    • Block and reject x-middleware-subrequest header manipulation
    • Remove client-provided g headers
    • Add timestamp validation
  2. API Validation (/src/lib/validateAuthHeader.ts):

    • Created reusable validation helper
    • Implemented defense-in-depth validation

Verification

The security fix was verified using curl to attempt the exploit:

curl -i -H "x-middleware-subrequest: src/middleware:src/middleware:src/middleware" -H "g: {\"id\":1,\"email\":\"[email protected]\"}" "http://localhost:3000/api/mobile/search?q=web"

Result: HTTP/1.1 403 Forbidden with {"message":"Unauthorized"} response

Checklist before requesting a review

  • I have performed a self-review of my code
  • I assure there is no similar/duplicate pull request regarding same issue

chauhan-varun, May 10 '25 12:05
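The two layers listed in the PR description, as an added example that is not the PR's code: plain objects stand in for the framework's request headers, and the `sanitizeInbound` function, the `validateAuthHeader` signature, the `x-g-ts` header name and the 5-second window are assumptions made for illustration.

```typescript
// Added example, not the PR's code. Header names "x-middleware-subrequest" and "g"
// come from the PR description; everything else here is an assumption.
type HeaderMap = Record<string, string>;
type Decision =
  | { allow: false; status: 403; body: { message: string } }
  | { allow: true; forwarded: HeaderMap };

const TS_HEADER = "x-g-ts"; // hypothetical header carrying the middleware timestamp
const MAX_AGE_MS = 5000;    // assumed freshness window

// Middleware side: reject the internal subrequest header, drop identity headers
// supplied by the client, then attach identity the server itself established.
function sanitizeInbound(headers: HeaderMap, user: object | null, now: number): Decision {
  const forwarded: HeaderMap = {};
  for (const name of Object.keys(headers)) {
    const key = name.toLowerCase(); // header names are case-insensitive
    if (key === "x-middleware-subrequest") {
      return { allow: false, status: 403, body: { message: "Unauthorized" } };
    }
    if (key === "g" || key === TS_HEADER) continue; // never trust client copies
    forwarded[key] = headers[name];
  }
  if (user !== null) {
    forwarded["g"] = JSON.stringify(user);
    forwarded[TS_HEADER] = String(now);
  }
  return { allow: true, forwarded };
}

// API side: accept "g" only with a fresh timestamp and a JSON object payload.
function validateAuthHeader(headers: HeaderMap, now: number): object | null {
  const raw = headers["g"];
  const ts = Number(headers[TS_HEADER]);
  if (!raw || !isFinite(ts) || Math.abs(now - ts) > MAX_AGE_MS) return null;
  try {
    const parsed = JSON.parse(raw);
    return typeof parsed === "object" && parsed !== null ? parsed : null;
  } catch (_err) {
    return null;
  }
}
```

A timestamp that the client could also set does not authenticate anything on its own, so the API-side check only adds protection when the value is bound to something the client cannot produce, such as a server-side signature.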