You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AFAIK, ims-lti relies on req values being x-forwarded-* aware; with express it involves setting 'trust proxy' to a truthy value.
It works for https proxy but it won't affect the host value. Although, express will set req.hostname but it doesn't include the port. ims-lti uses req.headers.host to sign the request.
If ims-lti has to use header values, there should be the option to lookup x-forwarded-* values instead.
The text was updated successfully, but these errors were encountered:
//line 7
const _HmacSha1 = require('@dinoboff/ims-lti/lib/hmac-sha1');
//line 54
class HmacSha1 extends _HmacSha1 {
protocol(req) {
if (req.headers['x-appengine-https'] === 'on') {
return 'https';
}
return super.protocol(req);
}
}
//line 108
const provider = new lti.Provider(key, secret, {
// Firebase functions is accessed via a reverse proxy. The lti signature
// validation needs to use the original hostname and not the functions
// server one.
signer: new HmacSha1({trustProxy: true}),
// Save nonces in datastore and ensure the request oauth1 nonce cannot be
// used twice.
nonceStore: database.nonceStore(key)
});
AFAIK,
ims-lti
relies onreq
values beingx-forwarded-*
aware; withexpress
it involves setting 'trust proxy' to a truthy value.It works for https proxy but it won't affect the host value. Although,
express
will setreq.hostname
but it doesn't include the port.ims-lti
usesreq.headers.host
to sign the request.If
ims-lti
has to use header values, there should be the option to lookupx-forwarded-*
values instead.The text was updated successfully, but these errors were encountered: