Merge pull request #143 from IBM/adjust-hello-sample

Adding a header check
IBM · Nov 22, 2024 · e8a94f1 · e8a94f1
2 parents 2c6cba8 + 06b448c
commit e8a94f1
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/hello/server.js b/hello/server.js
@@ -2,8 +2,18 @@ const http = require("http");
 
 http
   .createServer(function (request, response) {
+
+    //
+    // If the app has been configured to check the CIS secret, 
+    // make sure that the request header value 'x-cis-secret' matches the configured secret.
+    // If it doesn't match, assume that the request bypassed the CIS firewall and reject it.
+    if(process.env.CIS_SECRET && request.headers['x-cis-secret'] !== process.env.CIS_SECRET){
+      response.writeHead(403);
+      return response.end();
+    }
+
     //
-    // debug endpoint, which prints all incoming headers and environment variables
+    // Debug endpoint, which prints all incoming headers and environment variables
     if (request.url == "/debug") {
       const respData = {
         headers: request.headers,
@@ -17,7 +27,7 @@ http
     }
 
     //
-    // default http endpoint, which prints a simple hello world
+    // Default http endpoint, which prints a simple hello world
     target = process.env.TARGET ? process.env.TARGET : "World";
     msg = process.env.MSG ? process.env.MSG : "Hello " + target + "\n";
     response.writeHead(200, { "Content-Type": "text/plain" });