Merge branch 'master' of https://github.com/browngraphicslab/Dash-Web

author: Sam Wilkins <samwilkins333@gmail.com> 2019-07-30 01:24:42 -0400
committer: Sam Wilkins <samwilkins333@gmail.com> 2019-07-30 01:24:42 -0400
commit: e041988b84553797699a5a232e26e72252460e01 (patch)
tree: 32c7aa7eefcc76ab36bc3eec292700dd2a0dd3cf /src/server
parent: 5248a770123e312e1684d7147ecb7118dd6ef1e7 (diff)
parent: 8f1159a8216a56caeabe9bed686852f18758eddb (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/src/server/index.ts b/src/server/index.ts
index 40c0e7981..adf218be6 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -437,8 +437,22 @@ app.post(RouteStore.forgot, postForgot);
 app.get(RouteStore.reset, getReset);
 app.post(RouteStore.reset, postReset);
 
-app.use(RouteStore.corsProxy, (req, res) =>
-    req.pipe(request(decodeURIComponent(req.url.substring(1)))).pipe(res));
+const headerCharRegex = /[^\t\x20-\x7e\x80-\xff]/;
+app.use(RouteStore.corsProxy, (req, res) => {
+    req.pipe(request(decodeURIComponent(req.url.substring(1)))).on("response", res => {
+        const headers = Object.keys(res.headers);
+        headers.forEach(headerName => {
+            const header = res.headers[headerName];
+            if (Array.isArray(header)) {
+                res.headers[headerName] = header.filter(h => !headerCharRegex.test(h));
+            } else if (header) {
+                if (headerCharRegex.test(header as any)) {
+                    delete res.headers[headerName];
+                }
+            }
+        });
+    }).pipe(res);
+});
 
 app.get(RouteStore.delete, (req, res) => {
     if (release) {
author	Sam Wilkins <samwilkins333@gmail.com>	2019-07-30 01:24:42 -0400
committer	Sam Wilkins <samwilkins333@gmail.com>	2019-07-30 01:24:42 -0400
commit	e041988b84553797699a5a232e26e72252460e01 (patch)
tree	32c7aa7eefcc76ab36bc3eec292700dd2a0dd3cf /src/server
parent	5248a770123e312e1684d7147ecb7118dd6ef1e7 (diff)
parent	8f1159a8216a56caeabe9bed686852f18758eddb (diff)