Wrong Header names in webhook based trigger

Question

Wrong Header names in webhook based trigger

the-csaba opened this issue 4 years ago · comments

Bug Description

Same headers are renamed inside the bundle.rawRequest.headers , have an unexpected Http- prefix, which makes using it hard.

Also contrary to the documentation the bundle.cleanedRequest only contains the content, no header or method access.

Example headers

{
  'Http-Host': 'hooks.zapier.com',
  'Http-X-Request-Id': '26433038c459bbb396e829c60757bab1',
  'Http-X-Real-Ip': ';redacted;',
  'Http-X-Forwarded-For': ';redacted;',
  'Http-X-Forwarded-Host': 'hooks.zapier.com',
  'Http-X-Forwarded-Port': '443',
  'Http-X-Forwarded-Proto': 'https',
  'Http-X-Scheme': 'https',
  'Http-X-Original-Forwarded-For': '35.189.17.248',
  'Content-Length': '2972',
  'Http-Accept': '*/*',
  'Http-Accept-Encoding': 'deflate, gzip',
  'Content-Type': 'application/json',
  'Http-Referer': 'https://hooks.zapier.com/hooks/standard/4208012/bfea20d2a2c1451bbccd9a5dcfb3388d/',
  'Http-User-Agent': 'WooCommerce/4.7.0 Hookshot (WordPress/5.5.3)',
  'Http-X-Wc-Webhook-Delivery-Id': '2bc1695b2762fe98193866742c246b9b',
  'Http-X-Wc-Webhook-Event': 'updated',
  'Http-X-Wc-Webhook-Id': '2622',
  'Http-X-Wc-Webhook-Resource': 'order',
  'Http-X-Wc-Webhook-Signature': 'E8QTnfh3/VrBQMQQfE71fbtWI8nQZG47WPwN2bUygT8=',
  'Http-X-Wc-Webhook-Source': ':redacted:',
  'Http-X-Wc-Webhook-Topic': 'order.updated',
  'Http-X-Wordpress-Gmt-Offset': '8'
}

Reproduction Steps

Setup a wenhook based trigger for example WooCommerce
send data to the trigger
inspect the bundle

Version Info

CLI version: 10.1.1
Node.js version: v12.19.0
OS info: darwin-x64
zapier-platform-core dependency: 10.1.1

David Brownman · Answer 1 · Wed Nov 18 2020 06:23:20 GMT+0800 (China Standard Time)

@om4csaba I think, confusingly, this is working as intended.

Those http- prefixes are added by django, our webserver. There's docs about that here.

Now, you shouldn't need to know anything about our backend to use the raw headers in your app, so we'll look into making this a little more consistent across different trigger and action types. At the very least, we could document it better.

Csaba Maulis · Answer 2 · Wed Nov 18 2020 13:30:06 GMT+0800 (China Standard Time)

Please consider adding get() method to the bundle.rawRequest.headers similarly as the response.headers

See #178 (comment)

Csaba Maulis · Answer 3 · Wed May 26 2021 16:38:09 GMT+0800 (China Standard Time)

For further information, maybe because the HTTP headers are case insensitive by the standard, the Incoming headers unexpectedly mixing the character case.

In our integration, we are sending X-WordPress-GMT-Offset and receiving Http-X-Wordpress-Gmt-Offset. This only important because array keys case sensitive in JavaScript.

Matt Bryson · Answer 4 · Wed Jul 21 2021 01:07:24 GMT+0800 (China Standard Time)

Battled with this today.

Ended up writing a little util to normalise the headers, so you can use the correct header names. Nothing fancy, (wont work if your headers do start with http- ) - but might come in handy for someone...

function getHeaders(bundle:Bundle) {
  const headers = bundle.rawRequest?.headers || {};
  const normalisedHeaders:Record<string, string> = {};
  Object.keys(headers).forEach(key=> {
    let normalisedKey = key.toLowerCase();
    const prefix = 'http-';
    if(normalisedKey.startsWith(prefix)) {
      normalisedKey = normalisedKey.slice(prefix.length);
    }
    normalisedHeaders[normalisedKey] = headers[key];
  });

  return normalisedHeaders;
}

function performSomething(z:ZObject, bundle:Bundle):void {
  const headers = getHeaders(bundle);
  const nonce = headers['x-webhook-signature-nonce'];

// do more stuff....
}