Skip to content

Commit

Permalink
ARSN-387: check for forwarded proto header
Browse files Browse the repository at this point in the history
  • Loading branch information
Will Toozs committed Jan 19, 2024
1 parent 477a574 commit 37a29f0
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/policyEvaluator/utils/conditions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ export function findConditionKey(
case 'aws:referer': return headers.referer;
// aws:SecureTransport – Used to check whether the request was sent
// using SSL (see Boolean Condition Operators).
case 'aws:SecureTransport': return requestContext.getSslEnabled() ? 'true' : 'false';
case 'aws:SecureTransport': return headers['x-forwarded-proto'] === 'https' ? 'true' : 'false';
// aws:SourceArn – Used check the source of the request,
// using the ARN of the source. N/A here.
case 'aws:SourceArn': return undefined;
Expand Down
2 changes: 1 addition & 1 deletion lib/policyEvaluator/utils/variables.ts
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ function findVariable(variable: string, requestContext: RequestContext): string
// aws:SecureTransport is boolean value that represents whether the
// request was sent using SSL
map.set('aws:SecureTransport',
requestContext.getSslEnabled() ? 'true' : 'false');
headers['x-forwarded-proto'] === 'https' ? 'true' : 'false');
// aws:SourceIp is requester's IP address, for use with IP address
// conditions
map.set('aws:SourceIp', requestContext.getRequesterIp());
Expand Down

0 comments on commit 37a29f0

Please sign in to comment.