Summary NOTE: This may not necessarily be a

Hey <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-u

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Any update on this, <a class="user-mention notranslate" data-hovercard-type="user" dat

This issue has been linked to a new work item: <a href="https://gus.lightning.force.co

[BUG] The 'x-api-key' header is cut off by the proxy,about salesforcecommercecloud/pwa-kit

Comments (7)

johnboxall commented on August 29, 2024 1

Hey @mix3d, when deployed to Managed Runtime, we use this header internally. We remove it to prevent conflicts with where we use it.

If your use case is:

a) making proxy requests from a browser with the header or
b) making proxy requests from the app server with the header

Then removing it from the list is a workaround.

If your use case is forwarding a specific value for it to the app server (eg. the express.js code) then it won't work.

Other work arounds include:

Not using the proxy for these requests
Routing the requests through a middleware server that changes the name of the headers to something else

We're unlikely to revisit this issue in the near term, but as we get closer to working on Secrets and Config values in Managed Runtime, we'll touch this area and see if we can address this issue.

from pwa-kit.

drewzboto commented on August 29, 2024

Thanks @aleksanderson. Can you share which API client libraries you are looking at that rely on the x-api-key header?

We stripped out this common API-gateway header for historical reasons, but we believe this is no longer needed. We would be looking at two changes:

PWA Kit code change to remove the logic stripping this out
Managed Runtime needs the corresponding change to allow this header to pass through for proxies

from pwa-kit.

johnboxall commented on August 29, 2024

A few notes for others looking at this issue while we work through a fix, to confirm the bug, I an internal testing environment: https://adn-production-us-west-1.mobify-storefront.com/

First, observe that for requests routed to the App Server, many headers are added/overwritten:

curl 'https://adn-production-us-west-1.mobify-storefront.com/' \
  -sH 'x-api-key: my-api-key' \
  | jq '.headers'

{
  "accept": "*/*",
  "cloudfront-forwarded-proto": "https",
  "cloudfront-is-desktop-viewer": "true",
  "cloudfront-is-mobile-viewer": "false",
  "cloudfront-is-tablet-viewer": "false",
  "connection": "close",
  "host": "playground-adn-production-us-west-1-sandbox-ssrserver.mobify-storefront.com",
  "if-none-match": "W/\"730-4p1eTDHfiyagW+PT6+aC2elAGgQ\"",
  "user-agent": "Amazon CloudFront",
  "via": "1.1 5c4026f5b2425caec6a876ce1acb5bd4.cloudfront.net (CloudFront)",
  "x-amz-cf-id": "g9AYEIOHg3soPU3sCdVOo30M5jJ7mo3MmFD05PoJnMKHEnrG65AisA==",
  "x-amzn-trace-id": "Root=1-629fd0b9-0a06e6b427f26d6f3dafe8ad",
  "x-api-key": "*****",
  "x-apigateway-context": "*****",
  "x-apigateway-event": "*****",
  "x-forwarded-for": "13.110.54.39, 64.252.73.200",
  "x-forwarded-port": "443",
  "x-forwarded-proto": "https"
}

A number of cloudfront- headers are added.
The Host header is updated.
The User-Agent header is updated.
via is added.
Tracing headers are added.
API Gateway headers are added including x-api-key
A number of forwarding headers are added.

If any of these headers existed before, they would be replaced!

Second, we look at the behaviour of proxies:

curl 'https://adn-production-us-west-1.mobify-storefront.com/mobify/proxy/httpbin/anything' \
  -sH 'x-api-key: my-api-key' \
  -sH 'x-my-custom-header: my-custom-header' \
  | jq '.headers'

{
  "Accept": "*/*",
  "Cloudfront-Forwarded-Proto": "https",
  "Cloudfront-Is-Desktop-Viewer": "true",
  "Cloudfront-Is-Mobile-Viewer": "false",
  "Cloudfront-Is-Smarttv-Viewer": "false",
  "Cloudfront-Is-Tablet-Viewer": "false",
  "Cloudfront-Viewer-Country": "US",
  "Host": "httpbin.org",
  "User-Agent": "Amazon CloudFront",
  "X-Amz-Cf-Id": "uXg__EEmI0iUKmKWcJw4lo0kRxiSMeujJyB8Rw21p3YfCthxbJWmnw==",
  "X-Amzn-Trace-Id": "Root=1-629fd0d3-7d9cb5a418b1992a33ae84c9",
  "X-Mobify": "true",
  "X-Mobify-Proxypath": "httpbin",
  "X-My-Custom-Header": "my-custom-header"
}

Again we forward a number of CloudFront headers
We add x-mobify headers
We actively strip x-api-key and the other headers mentioned 😢

from pwa-kit.

aleksanderson commented on August 29, 2024

@drewzboto and @johnboxall,
Thank you for confirming.

Can you share which API client libraries you are looking at that rely on the x-api-key header?

I have been recently playing around with integrating PWAKit with Uniform and, their API clients did use x-api-key header

from pwa-kit.

mix3d commented on August 29, 2024

Watching

from pwa-kit.

mix3d commented on August 29, 2024

Any update on this, @johnboxall?

We're currently manually editing our local ssr-proxying.js inside the node module folder in order to have our dev envs working.

from pwa-kit.

git2gus commented on August 29, 2024

This issue has been linked to a new work item: W-14515732

from pwa-kit.

[BUG] The 'x-api-key' header is cut off by the proxy about pwa-kit HOT 7 OPEN

Comments (7)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent