Merge branch 'master' of https://github.com/browngraphicslab/Dash-Web

author: yipstanley <stanley_yip@brown.edu> 2019-07-29 21:21:03 -0400
committer: yipstanley <stanley_yip@brown.edu> 2019-07-29 21:21:03 -0400
commit: 5d30b565fb2ab2d3c9f67fdd9776e08c8a95902e (patch)
tree: 808b6e46c8357b9fb82106ea7673fb97ea9a5d2b /src/server/index.ts
parent: e042f916375fbe4f23288ece0dcec5b61ef2fbed (diff)
parent: 2514917040d24c04a489905c7a1fe4d10013fd31 (diff)
1 files changed, 16 insertions, 2 deletions
diff --git a/src/server/index.ts b/src/server/index.ts
index 40c0e7981..adf218be6 100644
--- a/src/server/index.ts
+++ b/src/server/index.ts
@@ -437,8 +437,22 @@ app.post(RouteStore.forgot, postForgot);
 app.get(RouteStore.reset, getReset);
 app.post(RouteStore.reset, postReset);
 
-app.use(RouteStore.corsProxy, (req, res) =>
-    req.pipe(request(decodeURIComponent(req.url.substring(1)))).pipe(res));
+const headerCharRegex = /[^\t\x20-\x7e\x80-\xff]/;
+app.use(RouteStore.corsProxy, (req, res) => {
+    req.pipe(request(decodeURIComponent(req.url.substring(1)))).on("response", res => {
+        const headers = Object.keys(res.headers);
+        headers.forEach(headerName => {
+            const header = res.headers[headerName];
+            if (Array.isArray(header)) {
+                res.headers[headerName] = header.filter(h => !headerCharRegex.test(h));
+            } else if (header) {
+                if (headerCharRegex.test(header as any)) {
+                    delete res.headers[headerName];
+                }
+            }
+        });
+    }).pipe(res);
+});
 
 app.get(RouteStore.delete, (req, res) => {
     if (release) {
author	yipstanley <stanley_yip@brown.edu>	2019-07-29 21:21:03 -0400
committer	yipstanley <stanley_yip@brown.edu>	2019-07-29 21:21:03 -0400
commit	5d30b565fb2ab2d3c9f67fdd9776e08c8a95902e (patch)
tree	808b6e46c8357b9fb82106ea7673fb97ea9a5d2b /src/server/index.ts
parent	e042f916375fbe4f23288ece0dcec5b61ef2fbed (diff)
parent	2514917040d24c04a489905c7a1fe4d10013fd31 (diff)