From 27b7f3e16b5077a3cf9acd18b6c8a2ec1b7b5d1d Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Fri, 4 Nov 2011 09:34:33 -0600
Subject: [PATCH] http_forward will *only* forward two headers, Content-Type
 and Content-Length, everything else is filtered.  Things like
 Content-Encoding shouldn't be blindly forwarded.

Also when forwarding responses,  ensure proper casing of headers.

issue #460
---
 lib/browserid/http_forward.js | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/lib/browserid/http_forward.js b/lib/browserid/http_forward.js
index 3eec38ed9..5db137c2c 100644
--- a/lib/browserid/http_forward.js
+++ b/lib/browserid/http_forward.js
@@ -16,14 +16,14 @@ module.exports = function(dest, req, res, cb) {
     path: u.pathname,
     method: req.method
   }, function(pres) {
-    var hdrs = {};
-    [ 'access-control-allow-origin', 'content-type', 'content-length' ].forEach(function(key) {
-      if (pres.headers.hasOwnProperty(key)) {
-        hdrs[key] = pres.headers[key];
-      }
-    });
-    res.writeHead(pres.statusCode, hdrs);
-
+    res.statusCode = pres.statusCode;
+    // forward along Content-Type and Content-Length, if available
+    if (pres.headers.hasOwnProperty('content-type')) {
+      res.setHeader('Content-Type', pres.headers['content-type']);
+    }
+    if (pres.headers.hasOwnProperty('content-length')) {
+      res.setHeader('Content-Length', pres.headers['content-length']);
+    }
     pres.on('data', function (chunk) {
       res.write(chunk);
     }).on('end', function() {
-- 
GitLab