fix(proxy): block proxy-connection hop-by-hop header from client responses

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit was merged in pull request #304.
Marcel
2026-04-22 18:21:40 +02:00
committed by marcel
parent 464b8d35d3
commit 31713c324b
2 changed files with 19 additions and 1 deletions


@@ -12,7 +12,8 @@ const HOP_BY_HOP_HEADERS = new Set([
'proxy-authenticate',
'proxy-authorization',
'te',
'trailer'
'trailer',
'proxy-connection'
]);
async function proxy(event: Parameters<RequestHandler>[0]): Promise<Response> {
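Review bot: `HOP_BY_HOP_HEADERS` is still a fixed list of names, so a header that the upstream nominates in its `Connection` field value (RFC 9110 §7.6.1 makes those hop-by-hop as well) is stripped only if `proxy()` handles that separately. Neither the start of the set nor the body of `proxy()` is visible in this hunk, so that is worth confirming. Because `proxy-connection` is the one entry here that is not a standard header, a short comment beside it such as `// non-standard, but some clients and proxies still emit it; treat as hop-by-hop` would record why it is in the list. If the same set also filters the request headers forwarded to the backend, a matching test for that direction would pin the behaviour.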


@@ -167,6 +167,23 @@ describe('catch-all API proxy — forwarding', () => {
expect(response.headers.get('Content-Disposition')).toBe('attachment; filename="document.pdf"');
});
it('does not forward proxy-connection hop-by-hop header', async () => {
const mockFetch = vi.fn().mockResolvedValue(
new Response('data', {
status: 200,
headers: {
'Content-Type': 'application/json',
'Proxy-Connection': 'keep-alive'
}
})
);
const event = makeEvent('documents', 'GET', mockFetch);
const response = await GET(event as never);
expect(response.headers.get('Proxy-Connection')).toBeNull();
});
it('does not forward hop-by-hop headers like transfer-encoding', async () => {
const mockFetch = vi.fn().mockResolvedValue(
new Response('data', {