|
|
|
@ -685,6 +685,9 @@ export function getTransitiveHeaders(req: Request): {[key: string]: string} {
|
|
|
|
|
const XRequestedWith = req.get('X-Requested-With');
|
|
|
|
|
const Origin = req.get('Origin'); // Pass along the original Origin since it may
|
|
|
|
|
// play a role in granular access control.
|
|
|
|
|
const Host = req.get('Host'); // Also pass along the original Host, as we need it since
|
|
|
|
|
// the destination compares that with the Origin header.
|
|
|
|
|
|
|
|
|
|
const result: Record<string, string> = {
|
|
|
|
|
...(Authorization ? { Authorization } : undefined),
|
|
|
|
|
...(Cookie ? { Cookie } : undefined),
|
|
|
|
@ -692,6 +695,7 @@ export function getTransitiveHeaders(req: Request): {[key: string]: string} {
|
|
|
|
|
...(PermitHeader ? { Permit: PermitHeader } : undefined),
|
|
|
|
|
...(XRequestedWith ? { 'X-Requested-With': XRequestedWith } : undefined),
|
|
|
|
|
...(Origin ? { Origin } : undefined),
|
|
|
|
|
...(Host ? { Host } : undefined),
|
|
|
|
|
};
|
|
|
|
|
const extraHeader = process.env.GRIST_FORWARD_AUTH_HEADER;
|
|
|
|
|
const extraHeaderValue = extraHeader && req.get(extraHeader);
|
|
|
|
|