Refused to set unsafe header "host" #1049

Open
raurir opened this issue Sep 26, 2024 · 2 comments

raurir commented Sep 26, 2024

We get multiple errors in our app using `useSigV4Client`.

The error is `Refused to set unsafe header "host"` on every request.

It stems from this line of code:

https://github.com/aws/aws-northstar/blob/main/packages/ui/src/components/CognitoAuth/hooks/useSigv4Client/utils/awsSigv4Fetch/index.ts#L59

We have monkey-patched this by adding `delete signedRequest.headers['host']`, which seems very unsafe. Is there a better solution?

Thank you.

@maythetrusstbewithme

Is there any update on this? It has been sitting for a month without triage.

Contributor

jessieweiyi commented Nov 11, 2024

Hi @maythetrusstbewithme, sorry for the late reply.

We set the host value for SigV4 signing as it is required in the SignedHeader here

However, for Chrome, setting of the header is not allowed due to an open bug. In modern browsers, we do not need to set the host header for HTTP requests as it is set by the browser. I did not see any risk in deleting it.
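The workaround discussed in this thread, written out as an added example (not aws-northstar code and not from any participant): it drops `host` from the headers handed to `fetch()` while checking that the value that was signed equals the host the browser will send for that URL, so the signature still verifies. The helper name `toFetchHeaders` and the sample URL, credential and signature are constructed for illustration.

```javascript
// Added example. `toFetchHeaders` is a hypothetical helper, not a library API.
// Input: the request URL and the header map produced by a SigV4 signer.
// Output: headers safe to pass to fetch(), plus whether `host` is covered
// by the signature (listed in SignedHeaders of the Authorization header).
function toFetchHeaders(url, signedHeaders) {
  const target = new URL(url);
  const headers = {};
  let signedHost;
  let authorization = '';

  for (const [name, value] of Object.entries(signedHeaders)) {
    const lower = name.toLowerCase();
    if (lower === 'authorization') authorization = String(value);
    if (lower === 'host') {
      // Browsers refuse script-set Host; remember the value, do not forward it.
      signedHost = String(value).toLowerCase();
      continue;
    }
    headers[name] = value;
  }

  // SigV4 Authorization: "... SignedHeaders=host;x-amz-date, Signature=..."
  const match = /SignedHeaders=([^,\s]+)/.exec(authorization);
  const hostIsSigned = match ? match[1].split(';').includes('host') : false;

  // The browser derives Host from the URL. If the signer used another value,
  // the server-side signature check would fail, so reject the request early.
  if (signedHost !== undefined && signedHost !== target.host) {
    throw new Error(
      `signed host "${signedHost}" does not match URL host "${target.host}"`
    );
  }
  return { headers, hostIsSigned };
}

// Constructed sample input (placeholder credential and signature).
const SAMPLE_URL = 'https://api.example.com/prod/items';
const SAMPLE_SIGNED = {
  host: 'api.example.com',
  'x-amz-date': '20240926T000000Z',
  authorization:
    'AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20240926/us-east-1/execute-api/aws4_request, ' +
    'SignedHeaders=host;x-amz-date, Signature=0000constructed0000',
};

const result = toFetchHeaders(SAMPLE_URL, SAMPLE_SIGNED);
console.log(Object.keys(result.headers), result.hostIsSigned);
```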
