Merge pull request #43 from fingerprintjs/fix/always-send-all-proxy-headers

fix: send other proxy headers even if proxy secret is undefined INTER-1158

Author: JuroUhlar

src/utils/addProxyIntegrationHeaders.ts

@@ -5,7 +5,8 @@ export function addProxyIntegrationHeaders(headers: Headers, url: string, env: I
   const proxySecret = getProxySecret(env)
   if (proxySecret) {
     headers.set('FPJS-Proxy-Secret', proxySecret)
-    headers.set('FPJS-Proxy-Client-IP', getClientIp())
-    headers.set('FPJS-Proxy-Forwarded-Host', new URL(url).hostname)
   }
+
+  headers.set('FPJS-Proxy-Forwarded-Host', new URL(url).hostname)
+  headers.set('FPJS-Proxy-Client-IP', getClientIp())
 }

test/handlers/ingressAPI.test.ts

@@ -105,26 +105,46 @@ describe('Ingress', () => {
     expect(cookieValue['_iidt']).toBe('test')
   })
 
-  it('should not add proxy integration headers if PROXY_SECRET env not set', async () => {
-    const request = makeRequest(new URL('https://test/result'), { method: 'POST' })
+  it('should add all proxy integration headers if PROXY_SECRET is present, preserving existing headers', async () => {
+    const existingHeaderValue = 'testValue'
+    const secret = '42'
+    const secretStore = new SecretStore('Fingerprint')
+    // @ts-ignore
+    secretStore.set('PROXY_SECRET', secret)
+
+    const request = makeRequest(new URL('https://test/result'), {
+      method: 'POST',
+      headers: { 'X-Test': existingHeaderValue },
+    })
     await handleRequest(request)
 
-    expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(false)
-    expect(requestHeaders.has('FPJS-Proxy-Client-IP')).toBe(false)
-    expect(requestHeaders.has('FPJS-Proxy-Forwarded-Host')).toBe(false)
+    expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(true)
+    expect(requestHeaders.has('FPJS-Proxy-Client-IP')).toBe(true)
+    expect(requestHeaders.has('FPJS-Proxy-Forwarded-Host')).toBe(true)
+
+    expect(requestHeaders.get('X-Test')).toBe(existingHeaderValue)
+    expect(requestHeaders.get('FPJS-Proxy-Secret')).toBe(secret)
   })
 
-  it('should add proxy integration headers if PROXY_SECRET is present', async () => {
+  // So Fingerprint server can know the request is coming from a proxy integration, even if the proxy secret is missing
+  it('should add the other proxy integration headers even if PROXY_SECRET is not set, preserving existing headers', async () => {
+    const existingHeaderValue = 'testValue'
     const secretStore = new SecretStore('Fingerprint')
     // @ts-ignore
-    secretStore.set('PROXY_SECRET', 'secret')
+    // Reset the secret to undefined in case a previous test defined it
+    secretStore.set('PROXY_SECRET', undefined)
 
-    const request = makeRequest(new URL('https://test/result'), { method: 'POST' })
+    const request = makeRequest(new URL('https://test/result'), {
+      method: 'POST',
+      headers: { 'X-Test': existingHeaderValue },
+    })
     await handleRequest(request)
 
-    expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(true)
+    expect(requestHeaders.has('FPJS-Proxy-Secret')).toBe(false)
     expect(requestHeaders.has('FPJS-Proxy-Client-IP')).toBe(true)
     expect(requestHeaders.has('FPJS-Proxy-Forwarded-Host')).toBe(true)
+
+    expect(requestHeaders.get('X-Test')).toBe(existingHeaderValue)
   })
 
   it('should set client ip if request has header Fastly-Client-IP', async () => {