Do not echo headers in login/register request response #95

Closed
aeneasr opened this issue Oct 24, 2019 · 0 comments · Fixed by #106
aeneasr commented Oct 24, 2019

Describe the bug

Right now, when fetching the login or registration request, we receive a list of headers:

{
  id: '877c1520-e638-4b90-9c89-22ed10de3b5d',
  issued_at: '2019-10-24T11:22:25.56823Z',
  expires_at: '2019-10-24T11:32:25.56823Z',
  request_url: 'http://api.cloud.ory.local/auth/browser/registration',
  headers: {
    Accept: [
      'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
    ],
    'Accept-Encoding': [ 'gzip, deflate' ],
    'Accept-Language': [ 'de,en-US;q=0.7,en;q=0.3' ],
    'Cache-Control': [ 'max-age=0' ],
    Cookie: [
      'csrf_token=KJOz6YZgHVLJOLqgYFATHHjhzAHxiPnNM5CRPOLeCho=; ajs_user_id=null; ajs_group_id=null; ajs_anonymous_id=%2253a846e9-0bf9-4981-aa88-b3f140ea4641%22; hive_session_manager=MTU3MTg0OTAzNnxEdi1CQkFFQ180SUFBUkFCRUFBQVFmLUNBQUVHYzNSeWFXNW5EQVVBQTNOcFpBWnpkSEpwYm1jTUpnQWtaV05sWW1Ga1l6Z3RPREkxTnkwME9UZzRMV0l3WlRFdFlURmpaalUyWTJZNE9XVmp817Fnc_NTTpPyo4geGsizplvDKFgAbeWWTofX2DbGapQ='
    ],
    'Upgrade-Insecure-Requests': [ '1' ],
    'User-Agent': [
      'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:69.0) Gecko/20100101 Firefox/69.0'
    ],
    'X-Forwarded-For': [ '192.168.64.1' ],
    'X-Forwarded-Host': [ 'api.cloud.ory.local' ],
    'X-Forwarded-Port': [ '80' ],
    'X-Forwarded-Proto': [ 'http' ],
    'X-Original-Uri': [
      '/projects/late-nigh-test-8zk4kcxoh5yd7kr0/services/hive/public/auth/browser/registration'
    ],
    'X-Real-Ip': [ '192.168.64.1' ],
    'X-Request-Id': [ '28091f6b1ab94061fdd28463226134e4' ],
    'X-Scheme': [ 'http' ]
  },
  active: 'password',
  methods: {
    oidc: { method: 'oidc', config: [Object] },
    password: { method: 'password', config: [Object] }
  }
}

Expected behavior

Omit this data.

@aeneasr aeneasr added bug Something is not working. security labels Oct 24, 2019
@aeneasr aeneasr added this to the v0.0.1 milestone Oct 24, 2019
@aeneasr aeneasr self-assigned this Oct 24, 2019
aeneasr added a commit that referenced this issue Nov 4, 2019
When fetching a login and registration request, the HTTP Request Headers
must not be included in the response, as they contain irrelevant
information for the API caller.

Closes #95
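
A regression check for this class of leak, written in Go as an added example (not the project's own code): one response type echoes the stored headers as in the output above, the other excludes them with `json:"-"`, and a walker reports any header-like keys in the serialized body. The type names, the `sensitive` list and the `sample` headers are hypothetical and constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"sort"
)

// leakyRequest echoes the stored inbound headers; safeRequest keeps them server-side only.
type leakyRequest struct {
	ID      string      `json:"id"`
	Headers http.Header `json:"headers"`
}

type safeRequest struct {
	ID      string      `json:"id"`
	Headers http.Header `json:"-"` // never serialized into an API response
}

var sensitive = map[string]bool{"Headers": true, "Cookie": true, "Authorization": true, "X-Real-Ip": true}
var sample = http.Header{"Cookie": {"session=CONSTRUCTED"}, "X-Real-Ip": {"192.0.2.10"}} // constructed

// leakedKeys serializes resp as the API would and returns the sorted paths of sensitive keys.
func leakedKeys(resp any) []string {
	raw, err := json.Marshal(resp)
	if err != nil {
		panic(err) // a response that cannot be encoded is a test failure
	}
	var doc any
	_ = json.Unmarshal(raw, &doc) // raw came from Marshal, so it is valid JSON
	var found []string
	var walk func(path string, v any)
	walk = func(path string, v any) {
		obj, _ := v.(map[string]any) // nil for non-objects, so the loop is skipped
		for k, child := range obj {
			if sensitive[http.CanonicalHeaderKey(k)] {
				found = append(found, path+"/"+k)
			}
			walk(path+"/"+k, child)
		}
	}
	walk("", doc)
	sort.Strings(found)
	return found
}

func main() {
	fmt.Println(leakedKeys(leakyRequest{"1", sample}), leakedKeys(safeRequest{"1", sample}))
}
```

Run against every public response type in a test suite, a non-empty result fails the build before a cookie or client IP reaches an API caller.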