Merge pull request #40 from DuendeSoftware/dom/simplify-header-handling

Simplify header handling

src/Duende.Bff/BffOptions.cs

@@ -63,11 +63,6 @@ public class BffOptions
         /// </summary>
         public bool ForwardIncomingXForwardedHeaders { get; set; } = false;
 
-        /// <summary>
-        /// Specifies additional headers to forward to remote API endpoints.
-        /// </summary>
-        public ISet<string> ForwardedHeaders { get; set; } = new HashSet<string>();
-
         /// <summary>
         /// Specifies how the path for remote API endpoints gets transformed.
         /// Defaults to removing the configured local prefix.

src/Duende.Bff/Proxy/DefaultHttpTransformerFactory.cs

@@ -40,20 +40,18 @@ public virtual HttpTransformer CreateTransformer(string localPath, string access
         {
             return TransformBuilder.Create(context =>
             {
-                context.CopyRequestHeaders = false;
-
-                // todo: should x-forwarded be added by default?
+                // apply default YARP logic for forwarding headers
+                context.CopyRequestHeaders = true;
+
+                // use our config options to apply x-forwarded-*
                 context.UseDefaultForwarders = false;
-
+
+                // always remove cookie header since this contains the session
+                context.RequestTransforms.Add(new RequestHeaderRemoveTransform("Cookie"));
+
+                // transform path
                 context.RequestTransforms.Add(new PathStringTransform(Options.PathTransformMode, localPath));
-                context.RequestTransforms.Add(new ForwardHeadersRequestTransform(new[]
-                    { HeaderNames.Accept, HeaderNames.ContentLength, HeaderNames.ContentType }));
-
-                if (Options.ForwardedHeaders.Any())
-                {
-                    context.RequestTransforms.Add(new ForwardHeadersRequestTransform(Options.ForwardedHeaders));
-                }
-
+
                 if (Options.AddXForwardedHeaders)
                 {
                     var action = ForwardedTransformActions.Set;

test/Duende.Bff.Tests/Headers/General.cs

@@ -28,32 +28,9 @@ public async Task local_endpoint_should_receive_standard_headers()
         }
 
         [Fact]
-        public async Task custom_header_should_not_be_forwarded_by_default()
+        public async Task custom_header_should_be_forwarded()
         {
             BffHost.BffOptions.AddXForwardedHeaders = false;
-
-            await BffHost.InitializeAsync();
-
-            var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
-            req.Headers.Add("x-csrf", "1");
-            req.Headers.Add("x-custom", "custom");
-            var response = await BffHost.BrowserClient.SendAsync(req);
-
-            response.IsSuccessStatusCode.Should().BeTrue();
-            var json = await response.Content.ReadAsStringAsync();
-            var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
-
-            apiResult.RequestHeaders.Count.Should().Be(1);
-
-            apiResult.RequestHeaders["Host"].Single().Should().Be("api");
-        }
-
-        [Fact]
-        public async Task custom_header_should_be_forwarded_when_configured()
-        {
-            BffHost.BffOptions.AddXForwardedHeaders = false;
-            BffHost.BffOptions.ForwardedHeaders.Add("x-custom");
-
             await BffHost.InitializeAsync();
 
             var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
@@ -65,8 +42,6 @@ public async Task custom_header_should_be_forwarded_when_configured()
             var json = await response.Content.ReadAsStringAsync();
             var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
 
-            apiResult.RequestHeaders.Count.Should().Be(2);
-
             apiResult.RequestHeaders["Host"].Single().Should().Be("api");
             apiResult.RequestHeaders["x-custom"].Single().Should().Be("custom");
         }
@@ -75,8 +50,6 @@ public async Task custom_header_should_be_forwarded_when_configured()
         public async Task custom_header_should_be_forwarded_and_xforwarded_headers_should_be_created()
         {
             BffHost.BffOptions.AddXForwardedHeaders = true;
-            BffHost.BffOptions.ForwardedHeaders.Add("x-custom");
-
             await BffHost.InitializeAsync();
 
             var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
@@ -87,9 +60,7 @@ public async Task custom_header_should_be_forwarded_and_xforwarded_headers_shoul
             response.IsSuccessStatusCode.Should().BeTrue();
             var json = await response.Content.ReadAsStringAsync();
             var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
-
-            apiResult.RequestHeaders.Count.Should().Be(4);
-
+
             apiResult.RequestHeaders["X-Forwarded-Host"].Single().Should().Be("app");
             apiResult.RequestHeaders["X-Forwarded-Proto"].Single().Should().Be("https");
             apiResult.RequestHeaders["Host"].Single().Should().Be("api");
@@ -101,8 +72,6 @@ public async Task custom_and_xforwarded_header_should_be_forwarded_and_xforwarde
         {
             BffHost.BffOptions.AddXForwardedHeaders = true;
             BffHost.BffOptions.ForwardIncomingXForwardedHeaders = true;
-            BffHost.BffOptions.ForwardedHeaders.Add("x-custom");
-
             await BffHost.InitializeAsync();
 
             var req = new HttpRequestMessage(HttpMethod.Get, BffHost.Url("/api_anon_only/test"));
@@ -115,8 +84,6 @@ public async Task custom_and_xforwarded_header_should_be_forwarded_and_xforwarde
             var json = await response.Content.ReadAsStringAsync();
             var apiResult = JsonSerializer.Deserialize<ApiResponse>(json);
 
-            apiResult.RequestHeaders.Count.Should().Be(4);
-
             apiResult.RequestHeaders["X-Forwarded-Proto"].Single().Should().Be("https");
             apiResult.RequestHeaders["Host"].Single().Should().Be("api");
             apiResult.RequestHeaders["x-custom"].Single().Should().Be("custom");