merged

author: ab <abdullah_ahmed@brown.edu> 2019-07-30 11:44:19 -0400
committer: ab <abdullah_ahmed@brown.edu> 2019-07-30 11:44:19 -0400
commit: d58d66f29eae28ac8244f8c2bcaa423e0aa99743 (patch)
tree: 6a34daa4fd4111470763f6b5c215c95fcd254f52 /src/server/index.ts
parent: 38b5d646e62535504eb8667b840bf36cd7f2f6d8 (diff)
parent: ca91fe9e379fe3e2d48a0eb055415f008245ed31 (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/src/server/index.ts b/src/server/index.ts
index 0afbcc4ee..378485b33 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -440,8 +440,22 @@ app.post(RouteStore.forgot, postForgot);
 app.get(RouteStore.reset, getReset);
 app.post(RouteStore.reset, postReset);
 
-app.use(RouteStore.corsProxy, (req, res) =>
-    req.pipe(request(decodeURIComponent(req.url.substring(1)))).pipe(res));
+const headerCharRegex = /[^\t\x20-\x7e\x80-\xff]/;
+app.use(RouteStore.corsProxy, (req, res) => {
+    req.pipe(request(decodeURIComponent(req.url.substring(1)))).on("response", res => {
+        const headers = Object.keys(res.headers);
+        headers.forEach(headerName => {
+            const header = res.headers[headerName];
+            if (Array.isArray(header)) {
+                res.headers[headerName] = header.filter(h => !headerCharRegex.test(h));
+            } else if (header) {
+                if (headerCharRegex.test(header as any)) {
+                    delete res.headers[headerName];
+                }
+            }
+        });
+    }).pipe(res);
+});
 
 app.get(RouteStore.delete, (req, res) => {
     if (release) {
author	ab <abdullah_ahmed@brown.edu>	2019-07-30 11:44:19 -0400
committer	ab <abdullah_ahmed@brown.edu>	2019-07-30 11:44:19 -0400
commit	d58d66f29eae28ac8244f8c2bcaa423e0aa99743 (patch)
tree	6a34daa4fd4111470763f6b5c215c95fcd254f52 /src/server/index.ts
parent	38b5d646e62535504eb8667b840bf36cd7f2f6d8 (diff)
parent	ca91fe9e379fe3e2d48a0eb055415f008245ed31 (diff)