Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Regression caused by multiHeaderValue handling on Lambda #2550

Closed
kbrandwijk opened this issue Apr 24, 2024 · 4 comments · Fixed by #2585
Closed

Regression caused by multiHeaderValue handling on Lambda #2550

kbrandwijk opened this issue Apr 24, 2024 · 4 comments · Fixed by #2585
Labels
bug

Comments

@kbrandwijk
Copy link

What version of Hono are you using?

4.2.5

What runtime/platform is your app running on?

AWS

What steps can reproduce the bug?

#2494 introduced the handling of multiHeaderValues. However, this seemed to have caused header duplication. On AWS, using API Gateway, a header is put both in headers and in multiValueHeaders when using proxy integration (even single value ones). The handling introduced in #2494 adds both to the headers array, causing duplicates. As a result, header values are concatenated with commas.

Example output from API Gateway test console:

Wed Apr 24 00:49:47 UTC 2024 : Endpoint request body after transformations: {"resource":"/{proxy+}","path":"/follows","httpMethod":"GET","headers":{"test":"123"},"multiValueHeaders":{"test":["123"]},"queryStringParameters":null,"multiValueQueryStringParameters":null,"pathParameters":{"proxy":"follows"},"stageVariables":null,"requestContext":

As you can see, the same header is in both collections, even though provided only once.

What is the expected behavior?

No header value duplication.

What do you see instead?

Duplicate header values:

c.req.Header("test") // value: '123,123'

Additional information

No response
@kbrandwijk kbrandwijk added the bug label Apr 24, 2024
@ShaneYu
Copy link

ShaneYu commented Apr 24, 2024
edited

We are also experiencing issues due to this bug, primarily we're impacted by this causing the JWT middleware to no longer function. The JWT middleware verifies that the Authorization header value is a string with two parts split via a space (matching Bearer <token>.

Of course, with this duplicate header issue the Authorization header value is actually a value matching Bearer <token>, Bearer <token> which means the check in the JWT middleware fails.

https://github.com/honojs/hono/blob/main/src/middleware/jwt/index.ts#L33

As a workaround we've created a custom middleware to wrap calling the JWT middleware, before executing the JWT middleware we're using this "lovely hacky" line to map the original single header value back into the request headers in the same way the AWS lambda adapter does.

c.req.raw.headers.set('Authorization', c.env.event.headers['Authorization']);

@ShaneYu
Copy link

ShaneYu commented Apr 24, 2024

Not sure if anyone else has a better idea, but our thoughts are that the code that is setting headers from the multiValueHeaders could be updated to only append a value if that value doesn't already exist; thus avoiding duplicates.

https://github.com/honojs/hono/blob/main/src/adapter/aws-lambda/handler.ts#L206

@watany-dev
Copy link
Contributor

Thanks for your comment. I will fix this.

@Amorim33
Copy link
Contributor

Same bug here

Maybe @ShaneYu 's approach would be good

@Amorim33 Amorim33 mentioned this issue May 1, 2024
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(aws-lambda): avoid duplicating already set headers Amorim33/hono
4 participants
@kbrandwijk @ShaneYu @Amorim33 @watany-dev