Support x-forwarded-host header #67

Open
dinoboff opened this issue Aug 3, 2017 · 1 comment

dinoboff commented Aug 3, 2017

AFAIK, ims-lti relies on req values being x-forwarded-* aware; with express it involves setting 'trust proxy' to a truthy value.

It works for an https proxy, but it won't affect the host value. Express will set req.hostname, but it doesn't include the port. ims-lti uses req.headers.host to sign the request.

If ims-lti has to use header values, there should be the option to look up x-forwarded-* values instead.


borrey commented Sep 13, 2018

Best workaround I found was from @FeynmanDNA: https://github.com/NUS-ALSET/firebase-lti/blob/master/functions/lib/server.js

The important details are extracted here:

```js
// line 7
const _HmacSha1 = require('@dinoboff/ims-lti/lib/hmac-sha1');
// line 54
class HmacSha1 extends _HmacSha1 {
  protocol(req) {
    if (req.headers['x-appengine-https'] === 'on') {
      return 'https';
    }
    return super.protocol(req);
  }
}
// line 108
const provider = new lti.Provider(key, secret, {
  // Firebase functions is accessed via a reverse proxy. The lti signature
  // validation needs to use the original hostname and not the functions
  // server one.
  signer: new HmacSha1({trustProxy: true}),
  // Save nonces in datastore and ensure the request oauth1 nonce cannot be
  // used twice.
  nonceStore: database.nonceStore(key)
});
```
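The mismatch discussed in this thread, as an added example (not ims-lti's code and not written by either commenter): an OAuth 1.0 HMAC-SHA1 signature computed from the internal `Host` header differs from the one the consumer computed for the public URL, and matches once `x-forwarded-*` values are used. `effectiveOrigin`, `sign`, the request shape and all sample values are assumptions, and forwarded headers are honored only under an explicit `trustProxy` option because a client can set them itself when the proxy does not overwrite them.

```javascript
// Added example, not ims-lti code; function names and sample values are hypothetical.
const crypto = require('crypto');

// RFC 5849 percent-encoding: encodeURIComponent leaves ! ' ( ) * unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Scheme and host[:port] as the client saw them. X-Forwarded-* is read only
// when trustProxy is set, i.e. a known proxy overwrites these headers.
function effectiveOrigin(req, { trustProxy = false } = {}) {
  const first = (v) => (v || '').split(',')[0].trim();
  let proto = req.socket?.encrypted ? 'https' : 'http';
  let host = req.headers.host;
  if (trustProxy) {
    proto = first(req.headers['x-forwarded-proto']).toLowerCase() || proto;
    host = first(req.headers['x-forwarded-host']) || host;
  }
  // RFC 5849 3.4.1.2: lowercase the host and drop the scheme's default port.
  host = host.toLowerCase().replace(proto === 'https' ? /:443$/ : /:80$/, '');
  return `${proto}://${host}`;
}

// OAuth 1.0 HMAC-SHA1 signature over METHOD & base URL & sorted parameters.
function sign(req, params, secret, opts) {
  const pairs = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [enc(k), enc(v)])
    .sort(([a, x], [b, y]) => (a < b ? -1 : a > b ? 1 : x < y ? -1 : x > y ? 1 : 0))
    .map(([k, v]) => `${k}=${v}`).join('&');
  const base = [req.method.toUpperCase(),
    enc(effectiveOrigin(req, opts) + req.path), enc(pairs)].join('&');
  return crypto.createHmac('sha1', `${enc(secret)}&`).update(base).digest('base64');
}

// Constructed sample: the consumer signed for the public URL, while the app
// behind the proxy receives the internal Host header.
const launchParams = { oauth_consumer_key: 'key', oauth_nonce: 'n1',
  oauth_timestamp: '1501718400', oauth_signature_method: 'HMAC-SHA1',
  oauth_version: '1.0', lti_message_type: 'basic-lti-launch-request' };
const clientView = { method: 'POST', path: '/lti/launch',
  socket: { encrypted: true }, headers: { host: 'lti.example.org' } };
const behindProxy = { method: 'POST', path: '/lti/launch', socket: {},
  headers: { host: '10.0.0.5:8080', 'x-forwarded-proto': 'https',
    'x-forwarded-host': 'lti.example.org' } };

const expected = sign(clientView, launchParams, 'secret');
console.log('Host header only  :', sign(behindProxy, launchParams, 'secret') === expected);
console.log('trusted forwarded :', sign(behindProxy, launchParams, 'secret', { trustProxy: true }) === expected);
```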
