gruberb/ohttp-gateway
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove not needed suspicous headers check

Browse source
This commit is contained in:
Bastian Gruber 2025-07-17 11:01:21 -03:00
parent 686cfef02f
commit b11ff4e598
No known key found for this signature in database
GPG key ID: D2DF996A188CFBA2
3 changed files with 2 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Cargo.lock generated
View file

@ -1785,7 +1785,7 @@ dependencies = [
[[package]]
name = "ohttp-gateway"
version = "0.1.0"
version = "0.1.1"
dependencies = [
"anyhow",
"axum",

2
Cargo.toml
View file

@ -1,6 +1,6 @@
[package]
authors = ["Bastian Gruber <foreach@me.com>"]
version = "0.1.0"
version = "0.1.1"
edition = "2024"
name = "ohttp-gateway"
categories = ["web-programming", "web-programming::http-server"]

10
src/middleware/security.rs
View file

@ -174,15 +174,5 @@ pub async fn request_validation_middleware(
}
}
// Check for suspicious headers that might indicate attacks
const SUSPICIOUS_HEADERS: &[&str] = &["x-forwarded-host", "x-original-url", "x-rewrite-url"];
for header_name in SUSPICIOUS_HEADERS {
if headers.contains_key(*header_name) {
warn!("Request contains suspicious header: {}", header_name);
return Err(StatusCode::BAD_REQUEST);
}
}
Ok(next.run(request).await)
}