fix to treat IDToken header as case-insensitive (#144)

Signed-off-by: Shikugawa <[email protected]>
istio-ecosystem · Jun 23, 2021 · 0a7227b · 0a7227b
1 parent c0a99e3
commit 0a7227b
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/src/config/BUILD b/src/config/BUILD
@@ -13,5 +13,6 @@ xx_library(
         "//src/common/http:http",
         "@com_github_abseil-cpp//absl/strings:strings",
         "@com_github_gabime_spdlog//:spdlog",
+        "@envoy//source/common/http:header_map_lib",
     ],
 )
diff --git a/src/config/get_config.cc b/src/config/get_config.cc
@@ -9,6 +9,7 @@
 #include <memory>
 
 #include "config/config.pb.validate.h"
+#include "envoy/http/header_map.h"
 #include "spdlog/spdlog.h"
 #include "src/common/http/http.h"
 
@@ -141,6 +142,15 @@ unique_ptr<Config> GetConfig(const string& configFileName) {
 
   ConfigValidator::ValidateAll(*config);
 
+  // Check case-intensive properties
+  for (auto& filter_chain : *config->mutable_chains()) {
+    for (auto& filter : *filter_chain.mutable_filters()) {
+      const auto lower_header =
+          Envoy::Http::LowerCaseString(filter.oidc().id_token().header());
+      filter.mutable_oidc()->mutable_id_token()->set_header(lower_header.get());
+    }
+  }
+
   return config;
 }
 

diff --git a/test/config/getconfig_test.cc b/test/config/getconfig_test.cc
@@ -378,7 +378,7 @@ TEST_F(GetConfigTest, OverrideOIDCConfigSuccess) {
               "jwks": "default_jwk",
               "id_token": {
                 "preamble": "Bearer",
-                "header": "authorization"
+                "header": "Authorization"
               },
               "client_id": "test-istio",
               "client_secret": "xxxxx-yyyyy-zzzzz"