From f890f59d43bb4b47731962973c5c5dedd3850778 Mon Sep 17 00:00:00 2001
From: mrjvs <jellevs@gmail.com>
Date: Mon, 16 Oct 2023 20:01:29 +0200
Subject: [PATCH] remove cf internal headers before proxying

---
 src/routes/index.ts  |  7 ++++++-
 src/utils/headers.ts | 22 ++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/routes/index.ts b/src/routes/index.ts
index b134611..1a48794 100644
--- a/src/routes/index.ts
+++ b/src/routes/index.ts
@@ -1,4 +1,8 @@
-import { getProxyHeaders, getAfterResponseHeaders } from '@/utils/headers';
+import {
+  getProxyHeaders,
+  getAfterResponseHeaders,
+  cleanupHeadersBeforeProxy,
+} from '@/utils/headers';
 
 export default defineEventHandler(async (event) => {
   // handle cors, if applicable
@@ -16,6 +20,7 @@ export default defineEventHandler(async (event) => {
     });
 
   // proxy
+  cleanupHeadersBeforeProxy(event);
   await proxyRequest(event, destination, {
     fetchOptions: {
       redirect: 'follow',
diff --git a/src/utils/headers.ts b/src/utils/headers.ts
index 8699e0a..23f52f5 100644
--- a/src/utils/headers.ts
+++ b/src/utils/headers.ts
@@ -1,3 +1,13 @@
+import { H3Event } from 'h3';
+
+const blacklistedHeaders = [
+  'cf-connecting-ip',
+  'cf-worker',
+  'cf-ray',
+  'cf-visitor',
+  'cf-ew-via',
+];
+
 function copyHeader(
   headers: Headers,
   outputHeaders: Headers,
@@ -44,3 +54,15 @@ export function getAfterResponseHeaders(
     'X-Final-Destination': finalUrl,
   };
 }
+
+export function removeHeadersFromEvent(event: H3Event, key: string) {
+  const normalizedKey = key.toLowerCase();
+  if (event.node.req.headers[normalizedKey])
+    delete event.node.req.headers[normalizedKey];
+}
+
+export function cleanupHeadersBeforeProxy(event: H3Event) {
+  blacklistedHeaders.forEach((key) => {
+    removeHeadersFromEvent(event, key);
+  });
+}