We've encountered a bug with the non-success proxy behaviour from nango.
When we get a non-success response with the header transfer-encoding included , nango just copies all the headers and sends them with Express, which itself will automatically include content-length header as well.
|
const responseHeaders = error.response?.headers || {}; |
|
void logCtx.error('Failed with this body', { body: parsedBody }); |
|
|
|
res.status(responseStatus).set(responseHeaders).send(data); |
These two are mutually exclusive as per RFC 7230 §3.3.2. and should not be in the same response.
These headers are rejected by Axios and throws, which is bad handling from axios but that's besides the point.
There might be other headers that should be filtered maybe security wise but this is the one causing a problem for us.
We've encountered a bug with the non-success proxy behaviour from nango.
When we get a non-success response with the header
transfer-encodingincluded , nango just copies all the headers and sends them with Express, which itself will automatically includecontent-lengthheader as well.nango/packages/server/lib/controllers/proxy/allProxy.ts
Lines 538 to 541 in 91fa977
These two are mutually exclusive as per RFC 7230 §3.3.2. and should not be in the same response.
These headers are rejected by Axios and throws, which is bad handling from axios but that's besides the point.
There might be other headers that should be filtered maybe security wise but this is the one causing a problem for us.