You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The privateHeaders option to apollo-engine-reporting is documented as being case-insensitive (appropriate for HTTP headers), and it does work with all casings of actual received headers, but the current implementation accidentally assumes that the header names specified in the privateHeaders option are already lower-case. They should be allowed to be in any case.
…cumented.
The documentation for `privateHeaders`[[0]] suggests that it is
case-insensitive. While that statement is true, and the incoming header is
lower-cased before checking it against the `privateHeaders` configuration,
it assumed that the headers in the `privateHeaders` object were specified in
lower-case.
This changes the comparison to lower-case both sides prior to determining
equality.
[0]: https://github.com/apollographql/apollo-server/blob/abb8dc58/packages/apollo-engine-reporting/src/agent.ts#L67-L70Fixes: #2273
…cumented.
The documentation for `privateHeaders`[[0]] suggests that it is
case-insensitive. While that statement is true, and the incoming header is
lower-cased before checking it against the `privateHeaders` configuration,
it assumed that the headers in the `privateHeaders` object were specified in
lower-case.
This changes the comparison to lower-case both sides prior to determining
equality.
[0]: https://github.com/apollographql/apollo-server/blob/abb8dc58/packages/apollo-engine-reporting/src/agent.ts#L67-L70Fixes: #2273
The privateHeaders option to apollo-engine-reporting is documented as being case-insensitive (appropriate for HTTP headers), and it does work with all casings of actual received headers, but the current implementation accidentally assumes that the header names specified in the privateHeaders option are already lower-case. They should be allowed to be in any case.
The text was updated successfully, but these errors were encountered: