Re: [PR] kie-issues#2209: CORS Proxy sometimes break with gzip encoded responses [incubator-kie-tools]

Thu, 22 Jan 2026 07:47:31 -0800 


thiagoelg commented on code in PR #3395:
URL: 
https://github.com/apache/incubator-kie-tools/pull/3395#discussion_r2717477560


##########
packages/cors-proxy/src/proxy/ExpressCorsProxy.ts:
##########
@@ -60,26 +59,33 @@ export class ExpressCorsProxy implements CorsProxy<Request, 
Response> {
       this.logger.debugEscapeNewLines("Request Method: ", req.method);
       this.logger.debugEscapeNewLines("Request Headers: ", req.headers);
 
-      // Creating the headers for the new request
+      // Build outgoing headers
       const outHeaders: Record<string, string> = { 
...info?.corsConfig?.customHeaders };
 
       Object.keys(req.headers).forEach((header) => {
         if (!BANNED_PROXY_HEADERS.includes(header) && !outHeaders[header]) {
           if (!info.corsConfig || 
info.corsConfig.allowHeaders.includes(header)) {
-            outHeaders[header] = req.headers[header] as string;
+            const value = req.headers[header];
+            // header value can be string | string[] | undefined
+            if (Array.isArray(value)) {
+              outHeaders[header] = value.join(", ");
+            } else if (typeof value === "string") {
+              outHeaders[header] = value;
+            }
           }
         }
       });
 
-      // TO DO: Figure out why this gzip encoding is broken with insecure tls 
certificates!
-      if 
(req.headers[CorsProxyHeaderKeys.INSECURELY_DISABLE_TLS_CERTIFICATE_VALIDATION] 
=== "true") {
-        outHeaders["accept-encoding"] = "identity";
-      }
       // Force uncompressed response if encoding is disabled via header
       if (req.headers[CorsProxyHeaderKeys.DISABLE_ENCODING] === "true") {
         outHeaders["accept-encoding"] = "identity";

Review Comment:
   But if I comment out the `res.removeHeader("content-encoding");` line from 
CORS Proxy, then the request fails with `net::ERR_CONTENT_DECODING_FAILED 200 
(OK)`.
   <img width="3008" height="1625" alt="image" 
src="https://github.com/user-attachments/assets/bc8ae922-2e21-4614-af59-3debd6536294";
 />
   
   
   But I think that makes sense, as `node-fetch` in CORS Proxy is already 
decompressing the response and returning raw data to the browser.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to