
Unable to add crumb token to payload with h2o2 proxy

Open Ibabalola opened this issue 4 years ago • 3 comments

Support plan

  • is this issue currently blocking your project? (yes):
  • is this issue affecting a production system? (no):

Context

  • node version: 12.16.2
  • module version with issue: 8.0.0
  • last module version without issue: 8.0.0
  • environment (e.g. node, browser, native): browser
  • used with (e.g. hapi application, another framework, standalone, ...): hapi application
  • any other relevant information: h2o2 proxy

What are you trying to achieve or the steps to reproduce?

The front end is correctly passing the crumb token; the crumb token is stored inside the cookie.

Crumb plugin registry:

    await HapiServer.register({
      plugin: Crumb,
      options: {
        cookieOptions: {
          isSecure: false
        }
      }
    });

The proxy sent down the data in Stream format; in the code below, because the content is of type Stream, the request is forbidden.

    if (!content ||
        content instanceof Stream) {

        unauthorizedLogger();
        throw Boom.forbidden();
    }

This is my proxy

    const setupProxy = (server, serviceUrl, proxyBasePath, useIdToken=false, whitelist=[]) => {
      server.route({
        method: ['POST', 'GET', 'PUT', 'DELETE'],
        path: proxyBasePath + '{service*}',
        options: {
          auth: config.authStrategies()
        },
        handler: {
          proxy: {
            passThrough: true,
            mapUri: async (req) => {
              const query = req.url.search ? req.url.search : '';
              const servicePath = req.params.service;
              const uri = serviceUrl + servicePath + query;
              return { uri, headers };
            }
          }
        }
      });
    };

Tried to change the option to be payload: 'data' with no luck

What was the result you got?

500 Internal Server Error

What result did you expect?

200 OK

Ibabalola avatar Aug 25 '20 17:08 Ibabalola

I have the same problem

Hydrock avatar Nov 27 '23 14:11 Hydrock

I thought I hit the same issue recently while using Crumb in restful: true mode. Then realised I wasn't passing the csrf token header in the request & all was good.

Here is my proxy route:

    server.route({
      method: ['*'],
      path: '/proxy/{path*}',
      handler: {
        proxy: {
          passThrough: true,
          mapUri: (request) => {
            return {
              uri: urlJoin(options.url, request.path, request.url.search),
            };
          },
          async onResponse(err, res, request, h) {
            if (err) {
              return h.response(err);
            }

            const response = h.response(res);

            response.headers = res.headers;
            response.header('X-CSRF-Token', request.plugins.crumb); // add csrf token header for restful crumb usage

            return response;
          },
        },
      },
    });

Hope that's of help to someone.

P.S. I noticed @Ibabalola's mapUri was returning an undefined headers, which could have been causing the 500.

jameswragg avatar Mar 05 '24 13:03 jameswragg