Return correct WebHook-Allowed-Origin response header for CloudEvent schema subscriptions for gov cloud. (#47232)

Author: JoshLove-msft

sdk/eventgrid/Microsoft.Azure.WebJobs.Extensions.EventGrid/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Release History
 
+## 3.4.4 (2024-11-19)
+
+### Bugs Fixed
+
+- Return correct `WebHook-Allowed-Origin` response header for CloudEvent schema subscriptions for gov cloud.
+
 ## 3.4.3 (2024-09-10)
 
 ### Bugs Fixed

sdk/eventgrid/Microsoft.Azure.WebJobs.Extensions.EventGrid/src/Microsoft.Azure.WebJobs.Extensions.EventGrid.csproj

@@ -2,7 +2,7 @@
   <PropertyGroup>
     <TargetFrameworks>$(RequiredTargetFrameworks)</TargetFrameworks>
     <Description>This extension adds bindings for EventGrid</Description>
-    <Version>3.4.3</Version>
+    <Version>3.4.4</Version>
     <!--The ApiCompatVersion is managed automatically and should not generally be modified manually.-->
     <ApiCompatVersion>3.4.2</ApiCompatVersion>
     <NoWarn>$(NoWarn);CS1591</NoWarn>

sdk/eventgrid/Microsoft.Azure.WebJobs.Extensions.EventGrid/src/TriggerBinding/HttpRequestProcessor.cs

@@ -51,7 +51,7 @@ internal async Task<HttpResponseMessage> ProcessAsync(
                     };
                 }
                 var response = new HttpResponseMessage(HttpStatusCode.OK);
-                response.Headers.Add("Webhook-Allowed-Origin", "eventgrid.azure.net");
+                response.Headers.Add("Webhook-Allowed-Origin", GetAllowedOriginResponseHeader(req));
                 return response;
             }
 
@@ -127,5 +127,29 @@ internal async Task<HttpResponseMessage> ProcessAsync(
                 new HttpResponseMessage(HttpStatusCode.Accepted) :
                 new HttpResponseMessage(HttpStatusCode.BadRequest);
         }
+
+        private static string GetAllowedOriginResponseHeader(HttpRequestMessage req)
+        {
+            const string publicCloudOrigin = "eventgrid.azure.net";
+            const string requestOriginHeader = "WebHook-Request-Origin";
+
+            if (!req.Headers.Contains(requestOriginHeader))
+            {
+                return publicCloudOrigin;
+            }
+
+            string allowedOrigin = req.Headers.GetValues(requestOriginHeader).FirstOrDefault();
+            switch (allowedOrigin)
+            {
+                case publicCloudOrigin:
+                case "eventgrid.azure.us":
+                case "eventgrid.azure.eaglex.ic.gov":
+                case "eventgrid.azure.microsoft.scloud":
+                case "eventgrid.azure.cn":
+                    return allowedOrigin;
+                default:
+                    return publicCloudOrigin;
+            }
+        }
     }
 }

sdk/eventgrid/Microsoft.Azure.WebJobs.Extensions.EventGrid/tests/TestListener.cs

@@ -105,6 +105,40 @@ public async Task TestSubscribeOptions(string functionName)
             var request = new HttpRequestMessage(HttpMethod.Options, $"http://localhost/?functionName={functionName}");
             var response = await ext.ConvertAsync(request, CancellationToken.None);
             Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
+            // no WebHook-Request-Origin header, should fallback to public cloud
+            Assert.AreEqual("eventgrid.azure.net", response.Headers.GetValues("Webhook-Allowed-Origin").First());
+        }
+
+        [TestCase("eventgrid.azure.net")]
+        [TestCase("eventgrid.azure.us")]
+        [TestCase("eventgrid.azure.eaglex.ic.gov")]
+        [TestCase("eventgrid.azure.microsoft.scloud")]
+        [TestCase("eventgrid.azure.cn")]
+        public async Task TestSubscribeOptionsKnownAllowedOrigin(string origin)
+        {
+            using var host = TestHelpers.NewHost<MyProg1>(CreateConfigProvider);
+            var ext = host.Services.GetServices<IExtensionConfigProvider>().OfType<EventGridExtensionConfigProvider>().Single();
+            await host.StartAsync(); // add listener
+
+            var request = new HttpRequestMessage(HttpMethod.Options, $"http://localhost/?functionName=TestCloudEvent");
+            request.Headers.Add("WebHook-Request-Origin", origin);
+            var response = await ext.ConvertAsync(request, CancellationToken.None);
+            Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
+            Assert.AreEqual(origin, response.Headers.GetValues("Webhook-Allowed-Origin").First());
+        }
+
+        [Test]
+        public async Task TestSubscribeOptionsUnknownAllowedOrigin()
+        {
+            using var host = TestHelpers.NewHost<MyProg1>(CreateConfigProvider);
+            var ext = host.Services.GetServices<IExtensionConfigProvider>().OfType<EventGridExtensionConfigProvider>().Single();
+            await host.StartAsync(); // add listener
+
+            var request = new HttpRequestMessage(HttpMethod.Options, $"http://localhost/?functionName=TestCloudEvent");
+            request.Headers.Add("WebHook-Request-Origin", "someunknown.origin.com");
+            var response = await ext.ConvertAsync(request, CancellationToken.None);
+            Assert.AreEqual(HttpStatusCode.OK, response.StatusCode);
+            // Unknown origin, should fallback to public cloud
             Assert.AreEqual("eventgrid.azure.net", response.Headers.GetValues("Webhook-Allowed-Origin").First());
         }