proxy: signer should ignore empty string values

Author: jphines

internal/proxy/request_signer.go

@@ -96,8 +96,8 @@ func NewRequestSigner(signingKeyPemStr string) (*RequestSigner, error) {
 //   <URL>
 //   <BODY>
 //  where:
-//    <HEADER.k> is the ','-joined concatenation of all header values of `signedHeaders[k]`; all
-//      other headers in the request are ignored,
+//    <HEADER.k> is the ','-joined concatenation of all header values of `signedHeaders[k]`; empty
+//      values such as '' and all other headers in the request are ignored,
 //    <URL> is the string "<PATH>(?<QUERY>)(#FRAGMENT)", where "?<QUERY>" and "#<FRAGMENT>" are
 //      ommitted if the associated components are absent from the request URL,
 //    <BODY> is the body of the Request (may be `nil`; e.g. for GET requests).
@@ -109,7 +109,8 @@ func mapRequestToHashInput(req *http.Request) (string, error) {
 
 	// Add signed headers.
 	for _, hdr := range signedHeaders {
-		if hdrValues := req.Header[hdr]; len(hdrValues) > 0 {
+		hdrValues := removeEmpty(req.Header[hdr])
+		if len(hdrValues) > 0 {
 			entries = append(entries, strings.Join(hdrValues, ","))
 		}
 	}
@@ -189,3 +190,13 @@ func (signer RequestSigner) Sign(req *http.Request) error {
 func (signer RequestSigner) PublicKey() (string, string) {
 	return signer.publicKeyID, signer.publicKeyStr
 }
+
+func removeEmpty(s []string) []string {
+	r := []string{}
+	for _, str := range s {
+		if len(str) > 0 {
+			r = append(r, str)
+		}
+	}
+	return r
+}

internal/proxy/request_signer_test.go

@@ -27,6 +27,7 @@ func addHeaders(req *http.Request, examples []string, extras map[string][]string
 		"Content-Type":       {"application/json"},
 		"Date":               {"2018-11-08"},
 		"Authorization":      {"Bearer ab12cd34"},
+		"Cookie":             {""},
 		"X-Forwarded-User":   {"octoboi"},
 		"X-Forwarded-Email":  {"[email protected]"},
 		"X-Forwarded-Groups": {"molluscs", "security_applications"},