Merge pull request #67 from joeferner/filter-hpkp-headers

joeferner · joeferner · commit 0c436107722c · 2016-03-03T07:46:00.000-05:00
Filter HPKP Headers
diff --git a/lib/proxy.js b/lib/proxy.js
@@ -690,7 +690,7 @@ Proxy.prototype._onHttpServerRequest = function(isSSL, clientToProxyRequest, pro
         if (err) {
           return self._onError('ON_RESPONSEHEADERS_ERROR', ctx, err);
         }
-        ctx.proxyToClientResponse.writeHead(ctx.serverToProxyResponse.statusCode, canonizeHeaders(ctx.serverToProxyResponse.headers));
+        ctx.proxyToClientResponse.writeHead(ctx.serverToProxyResponse.statusCode, Proxy.filterAndCanonizeHeaders(ctx.serverToProxyResponse.headers));
         ctx.responseFilters.push(new ProxyFinalResponseFilter(self, ctx));
         var prevResponsePipeElem = ctx.serverToProxyResponse;
         ctx.responseFilters.forEach(function(filter) {
@@ -702,15 +702,6 @@ Proxy.prototype._onHttpServerRequest = function(isSSL, clientToProxyRequest, pro
   }
 };
 
-var canonizeHeaders = function(originalHeaders) {
-  var headers = {};
-  for (var key in originalHeaders) {
-    headers[key.trim()] = originalHeaders[key];
-  }
-
-  return headers;
-}
-
 var ProxyFinalRequestFilter = function(proxy, ctx) {
   events.EventEmitter.call(this);
   this.writable = true;
@@ -995,3 +986,16 @@ Proxy.parseHost = function(hostString, defaultPort) {
     port: port
   };
 };
+
+Proxy.filterAndCanonizeHeaders = function(originalHeaders) {
+  var headers = {};
+  for (var key in originalHeaders) {
+	var canonizedKey = key.trim();
+    if ('/^public\-key\-pins/i'.test(canonizedKey)) {
+      // KPKP header => filter
+      continue;
+    }
+    headers[canonizedKey] = originalHeaders[key];
+  }
+  return headers;
+};
