Remove not needed suspicous headers check
This commit is contained in:
parent
686cfef02f
commit
b11ff4e598
3 changed files with 2 additions and 12 deletions
2
Cargo.lock
generated
2
Cargo.lock
generated
|
|
@ -1785,7 +1785,7 @@ dependencies = [
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "ohttp-gateway"
|
name = "ohttp-gateway"
|
||||||
version = "0.1.0"
|
version = "0.1.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"axum",
|
"axum",
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
authors = ["Bastian Gruber <foreach@me.com>"]
|
authors = ["Bastian Gruber <foreach@me.com>"]
|
||||||
version = "0.1.0"
|
version = "0.1.1"
|
||||||
edition = "2024"
|
edition = "2024"
|
||||||
name = "ohttp-gateway"
|
name = "ohttp-gateway"
|
||||||
categories = ["web-programming", "web-programming::http-server"]
|
categories = ["web-programming", "web-programming::http-server"]
|
||||||
|
|
|
||||||
|
|
@ -174,15 +174,5 @@ pub async fn request_validation_middleware(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check for suspicious headers that might indicate attacks
|
|
||||||
const SUSPICIOUS_HEADERS: &[&str] = &["x-forwarded-host", "x-original-url", "x-rewrite-url"];
|
|
||||||
|
|
||||||
for header_name in SUSPICIOUS_HEADERS {
|
|
||||||
if headers.contains_key(*header_name) {
|
|
||||||
warn!("Request contains suspicious header: {}", header_name);
|
|
||||||
return Err(StatusCode::BAD_REQUEST);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
Ok(next.run(request).await)
|
Ok(next.run(request).await)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue