Compare Engine reporting's privateHeaders case-insensitively, as do…

…cumented. The documentation for `privateHeaders`[[0]] suggests that it is case-insensitive. While that statement is true, and the incoming header is lower-cased before checking it against the `privateHeaders` configuration, it assumed that the headers in the `privateHeaders` object were specified in lower-case. This changes the comparison to lower-case both sides prior to determining equality. [0]: https://github.com/apollographql/apollo-server/blob/abb8dc58/packages/apollo-engine-reporting/src/agent.ts#L67-L70 Fixes: #2273
apollographql · Feb 6, 2019 · 927fe47 · 927fe47
1 parent 3dfbfcc
commit 927fe47
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/packages/apollo-engine-reporting/src/extension.ts b/packages/apollo-engine-reporting/src/extension.ts
@@ -129,7 +129,10 @@ export class EngineReportingExtension<TContext = any>
           // We assume that most users only have a few private headers, or will
           // just set privateHeaders to true; we can change this linear-time
           // operation if it causes real performance issues.
-          this.options.privateHeaders.includes(key.toLowerCase())
+          this.options.privateHeaders.some((privateHeader) => {
+            // Headers are case-insensitive, and should be compared as such.
+            return privateHeader.toLowerCase() === key.toLowerCase();
+          })
         ) {
           continue;
         }