Compare Engine reporting's privateHeaders case-insensitively, as documented.

The documentation for `privateHeaders`[[0]] suggests that it is case-insensitive. While that statement is true, and the incoming header is lower-cased before checking it against the `privateHeaders` configuration, it assumed that the headers in the `privateHeaders` object were specified in lower-case. This changes the comparison to lower-case both sides prior to determining equality. [0]: https://github.com/apollographql/apollo-server/blob/abb8dc58/packages/apollo-engine-reporting/src/agent.ts#L67-L70 Fixes: https://github.com/apollographql/apollo-server/issues/2273
2025-03-05 09:41:40 -05:00 · 2019-02-06 12:34:01 +02:00 · 2019-02-06 12:34:01 +02:00 · 5ee9845537
commit 5ee9845537
parent 3dfbfcc0d8
1 changed files with 4 additions and 1 deletions
--- a/packages/apollo-engine-reporting/src/extension.ts
+++ b/packages/apollo-engine-reporting/src/extension.ts
@ -129,7 +129,10 @@ export class EngineReportingExtension<TContext = any>
          // We assume that most users only have a few private headers, or will
          // just set privateHeaders to true; we can change this linear-time
          // operation if it causes real performance issues.
-          this.options.privateHeaders.includes(key.toLowerCase())
+          this.options.privateHeaders.some(privateHeader => {
+            // Headers are case-insensitive, and should be compared as such.
+            return privateHeader.toLowerCase() === key.toLowerCase();
+          })
        ) {
          continue;
        }