Skip to content

Commit c0ae98a

Browse files
add policy to remove authorization header
1 parent 4f99512 commit c0ae98a

File tree

3 files changed

+23
-6
lines changed

3 files changed

+23
-6
lines changed

src/AzureAppConfigurationImpl.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ import { FeatureFlagTracingOptions } from "./requestTracing/FeatureFlagTracingOp
6262
import { AIConfigurationTracingOptions } from "./requestTracing/AIConfigurationTracingOptions.js";
6363
import { KeyFilter, LabelFilter, SettingSelector } from "./types.js";
6464
import { ConfigurationClientManager } from "./ConfigurationClientManager.js";
65-
import { CDN_TOKEN_LOOKUP_HEADER, calculateResourceDeletedCacheConsistencyToken } from "./cdnTokenPipelinePolicy.js";
65+
import { CDN_TOKEN_LOOKUP_HEADER, calculateResourceDeletedCacheConsistencyToken } from "./azureFrontDoor/cdnRequestPipelinePolicy.js";
6666
import { getFixedBackoffDuration, getExponentialBackoffDuration } from "./common/backoffUtils.js";
6767
import { InvalidOperationError, ArgumentError, isFailoverableError, isInputError } from "./common/error.js";
6868

src/cdnTokenPipelinePolicy.ts renamed to src/azureFrontDoor/cdnRequestPipelinePolicy.ts

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
// Licensed under the MIT license.
33

44
import { PipelinePolicy } from "@azure/core-rest-pipeline";
5-
import { getCryptoModule } from "./common/utils.js";
5+
import { getCryptoModule } from "../common/utils.js";
66

77
const CDN_TOKEN_QUERY_PARAMETER = "_";
88
const RESOURCE_DELETED_PREFIX = "ResourceDeleted";
@@ -54,3 +54,19 @@ export async function calculateResourceDeletedCacheConsistencyToken(etag: string
5454
return hash.toString("base64url");
5555
}
5656
}
57+
58+
/**
59+
* The pipeline policy that remove the authorization header from the request to allow anonymous access to the Azure Front Door.
60+
* @remarks
61+
* The policy position should be perRetry, since it should be executed after the "Sign" phase: https://github.com/Azure/azure-sdk-for-js/blob/main/sdk/core/core-client/src/serviceClient.ts
62+
*/
63+
export class AnonymousRequestPipelinePolicy implements PipelinePolicy {
64+
name: string = "AppConfigurationAnonymousRequestPolicy";
65+
66+
async sendRequest(request, next) {
67+
if (request.headers.has("authorization")) {
68+
request.headers.delete("authorization");
69+
}
70+
return next(request);
71+
}
72+
}

src/load.ts

Lines changed: 5 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,15 +6,15 @@ import { AzureAppConfiguration } from "./AzureAppConfiguration.js";
66
import { AzureAppConfigurationImpl } from "./AzureAppConfigurationImpl.js";
77
import { AzureAppConfigurationOptions } from "./AzureAppConfigurationOptions.js";
88
import { ConfigurationClientManager } from "./ConfigurationClientManager.js";
9-
import { CdnTokenPipelinePolicy } from "./cdnTokenPipelinePolicy.js";
9+
import { CdnTokenPipelinePolicy, AnonymousRequestPipelinePolicy } from "./azureFrontDoor/cdnRequestPipelinePolicy.js";
1010
import { instanceOfTokenCredential } from "./common/utils.js";
1111
import { ArgumentError } from "./common/error.js";
1212

1313
const MIN_DELAY_FOR_UNHANDLED_ERROR: number = 5_000; // 5 seconds
1414

15-
// Empty token credential to be used when loading from CDN
15+
// Empty token credential to be used when loading from Azure Front Door
1616
const emptyTokenCredential: TokenCredential = {
17-
getToken: async () => ({ token: "", expiresOnTimestamp: 0 })
17+
getToken: async () => ({ token: "", expiresOnTimestamp: Number.MAX_SAFE_INTEGER })
1818
};
1919

2020
/**
@@ -93,7 +93,8 @@ export async function loadFromAzureFrontDoor(
9393
// Add etag url policy to append etag to the request url for breaking CDN cache
9494
additionalPolicies: [
9595
...(appConfigOptions.clientOptions?.additionalPolicies || []),
96-
{ policy: new CdnTokenPipelinePolicy(), position: "perCall" }
96+
{ policy: new CdnTokenPipelinePolicy(), position: "perCall" },
97+
{ policy: new AnonymousRequestPipelinePolicy(), position: "perRetry" }
9798
]
9899
};
99100

0 commit comments

Comments
 (0)