From 3dfbfcc0d8ac4772e9fdc80e36de1e5978a3127a Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Wed, 6 Feb 2019 12:24:01 +0200 Subject: [PATCH 1/3] Use `Array.isArray` rather than `typeof` ... `=== 'object'` to check Arrayness. --- packages/apollo-engine-reporting/src/extension.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/apollo-engine-reporting/src/extension.ts b/packages/apollo-engine-reporting/src/extension.ts index 86ad82476a5..92899c10f05 100644 --- a/packages/apollo-engine-reporting/src/extension.ts +++ b/packages/apollo-engine-reporting/src/extension.ts @@ -125,7 +125,7 @@ export class EngineReportingExtension for (const [key, value] of o.request.headers) { if ( this.options.privateHeaders && - typeof this.options.privateHeaders === 'object' && + Array.isArray(this.options.privateHeaders) && // We assume that most users only have a few private headers, or will // just set privateHeaders to true; we can change this linear-time // operation if it causes real performance issues. @@ -164,7 +164,7 @@ export class EngineReportingExtension Object.keys(o.variables).forEach(name => { if ( this.options.privateVariables && - typeof this.options.privateVariables === 'object' && + Array.isArray(this.options.privateVariables) && // We assume that most users will have only a few private variables, // or will just set privateVariables to true; we can change this // linear-time operation if it causes real performance issues. From 5ee98455379da4d2a5a310ac43fe217bf67c69c5 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Wed, 6 Feb 2019 12:34:01 +0200 Subject: [PATCH 2/3] Compare Engine reporting's `privateHeaders` case-insensitively, as documented. The documentation for `privateHeaders`[[0]] suggests that it is case-insensitive. While that statement is true, and the incoming header is lower-cased before checking it against the `privateHeaders` configuration, it assumed that the headers in the `privateHeaders` object were specified in lower-case. This changes the comparison to lower-case both sides prior to determining equality. [0]: https://github.com/apollographql/apollo-server/blob/abb8dc58/packages/apollo-engine-reporting/src/agent.ts#L67-L70 Fixes: https://github.com/apollographql/apollo-server/issues/2273 --- packages/apollo-engine-reporting/src/extension.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packages/apollo-engine-reporting/src/extension.ts b/packages/apollo-engine-reporting/src/extension.ts index 92899c10f05..bbc31a26860 100644 --- a/packages/apollo-engine-reporting/src/extension.ts +++ b/packages/apollo-engine-reporting/src/extension.ts @@ -129,7 +129,10 @@ export class EngineReportingExtension // We assume that most users only have a few private headers, or will // just set privateHeaders to true; we can change this linear-time // operation if it causes real performance issues. - this.options.privateHeaders.includes(key.toLowerCase()) + this.options.privateHeaders.some(privateHeader => { + // Headers are case-insensitive, and should be compared as such. + return privateHeader.toLowerCase() === key.toLowerCase(); + }) ) { continue; } From 4c1b56aca05f4c0761b5d995e81776351eee67b7 Mon Sep 17 00:00:00 2001 From: Jesse Rosenberger Date: Thu, 7 Feb 2019 11:44:26 +0200 Subject: [PATCH 3/3] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 47f965fbac0..baa9be6e25f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ### vNEXT - Fix: Serialize arrays as JSON on fetch in `RESTDataSource`. [PR #2219](https://github.com/apollographql/apollo-server/pull/2219) +- Fix: The `privateHeaders` configuration for `apollo-engine-reporting` now allows headers to be specified using any case and lower-cases them prior to comparison. [PR #2276](https://github.com/apollographql/apollo-server/pull/2276) ### v2.3.3