fix: fix bug with Host header not sent to ModSecurity for HTTP/2 requests

2025-01-22 09:49:58 +01:00 · 2025-01-22 09:49:58 +01:00 · ceea98db38
commit ceea98db38
parent 304664a9e9
1 changed files with 23 additions and 7 deletions
--- a/src/index.js
+++ b/src/index.js
@ -421,16 +421,32 @@ module.exports = (req, res, logFacilities, config, next) => {
      return processIntervention();
    }

-    let key = null;
-    req.rawHeaders.forEach((v) => {
-      if (key === null) {
-        key = v;
-      } else {
-        transaction.addRequestHeader(key, v);
-        key = null;
+    let headerIntervene = false;
+    Object.keys(req.headers).every((key) => {
+      if (typeof req.headers[key] == "string") {
+        securityResponse = transaction.addResponseHeader(key, req.headers[key]);
+        if (typeof securityResponse === "object") {
+          headerIntervene = true;
+          return false;
+        }
+      } else if (Array.isArray(req.headers[key])) {
+        req.headers[key].every((value) => {
+          securityResponse = transaction.addResponseHeader(key, value);
+          if (typeof securityResponse === "object") {
+            headerIntervene = true;
+            return false;
+          }
+          return true;
+        });
+        if (headerIntervene) return false;
      }
+      return true;
    });

+    if (headerIntervene) {
+      return processIntervention();
+    }
+
    securityResponse = transaction.processRequestHeaders();
    if (typeof securityResponse === "object") {
      return processIntervention();