From 06b448cfaf5211390bdaa31abe671a63a8261e16 Mon Sep 17 00:00:00 2001
From: Enrico Regge
Date: Fri, 22 Nov 2024 14:05:08 +0100
Subject: [PATCH] adding a header check
---
 hello/server.js | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/hello/server.js b/hello/server.js
index c06144a8..3526e40b 100644
--- a/hello/server.js
+++ b/hello/server.js
@@ -2,8 +2,18 @@ const http = require("http");
 http
 .createServer(function (request, response) {
+
+ //
+ // If the app has been configured to check the CIS secret,
+ // make sure that the request header value 'x-cis-secret' matches the configured secret.
+ // If it doesn't match, assume that the request bypassed the CIS firewall and reject it.
+ if(process.env.CIS_SECRET && request.headers['x-cis-secret'] !== process.env.CIS_SECRET){
+ response.writeHead(403);
+ return response.end();
+ }
+
 //
- // debug endpoint, which prints all incoming headers and environment variables
+ // Debug endpoint, which prints all incoming headers and environment variables
 if (request.url == "/debug") {
 const respData = {
 headers: request.headers,
@@ -17,7 +27,7 @@ http
 }
 //
- // default http endpoint, which prints a simple hello world
+ // Default http endpoint, which prints a simple hello world
 target = process.env.TARGET ? process.env.TARGET : "World";
 msg = process.env.MSG ? process.env.MSG : "Hello " + target + "\n";
 response.writeHead(200, { "Content-Type": "text/plain" });
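Review bot: The new `x-cis-secret` gate sits directly in front of the `/debug` branch, which still serialises `headers: request.headers` and, per its comment, the environment variables, so every request that passes the check has the shared secret echoed back in the response body. If CIS injects that header for all proxied traffic (inferred from the comment, not visible here), the value meant to prove a request came through the firewall is disclosed to ordinary clients, which undermines the check. Remove the secret from both maps before building `respData`, e.g. `const { "x-cis-secret": _cis, ...headers } = request.headers;` and `const { CIS_SECRET, ...env } = process.env;`, or disable `/debug` whenever `CIS_SECRET` is set; the `/debug` block continues outside the hunk, so the environment part should be confirmed against the full file. Separately, the `!==` comparison is not constant-time; comparing equal-length buffers with `crypto.timingSafeEqual` is the usual form for a shared secret.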