diff --git a/openvidu-call/openvidu-call-back-java/src/main/java/io/openvidu/call/java/services/ProxyService.java b/openvidu-call/openvidu-call-back-java/src/main/java/io/openvidu/call/java/services/ProxyService.java index 28183a2b..827460f1 100644 --- a/openvidu-call/openvidu-call-back-java/src/main/java/io/openvidu/call/java/services/ProxyService.java +++ b/openvidu-call/openvidu-call-back-java/src/main/java/io/openvidu/call/java/services/ProxyService.java @@ -1,7 +1,9 @@ package io.openvidu.call.java.services; +import java.io.IOException; import java.net.URI; import java.net.URISyntaxException; +import java.util.Arrays; import java.util.Enumeration; import javax.servlet.http.HttpServletRequest; @@ -9,13 +11,8 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.http.HttpEntity; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpMethod; -import org.springframework.http.ResponseEntity; -import org.springframework.http.client.BufferingClientHttpRequestFactory; -import org.springframework.http.client.ClientHttpRequestFactory; -import org.springframework.http.client.SimpleClientHttpRequestFactory; +import org.springframework.http.*; +import org.springframework.http.client.*; import org.springframework.stereotype.Service; import org.springframework.web.client.HttpStatusCodeException; import org.springframework.web.client.RestTemplate; @@ -26,7 +23,7 @@ public class ProxyService { @Value("${OPENVIDU_URL}") public String OPENVIDU_URL; - + @Autowired private OpenViduService openviduService; @@ -36,7 +33,7 @@ public class ProxyService { String requestUrl = request.getRequestURI(); URI uri = UriComponentsBuilder.fromUriString(OPENVIDU_URL).path(requestUrl).query(request.getQueryString()).build(true).toUri(); - + HttpHeaders headers = new HttpHeaders(); Enumeration headerNames = request.getHeaderNames(); @@ -44,14 +41,21 @@ public class ProxyService { String headerName = headerNames.nextElement(); headers.set(headerName, request.getHeader(headerName)); } - - headers.add("Authorization", this.openviduService.getBasicAuth()); + headers.add("Authorization", this.openviduService.getBasicAuth()); + headers.remove("Cookie"); headers.remove(HttpHeaders.ACCEPT_ENCODING); HttpEntity httpEntity = new HttpEntity<>(null, headers); ClientHttpRequestFactory factory = new BufferingClientHttpRequestFactory(new SimpleClientHttpRequestFactory()); RestTemplate restTemplate = new RestTemplate(factory); + + restTemplate.setInterceptors(Arrays.asList((requestIntercept, body, execution) -> { + ClientHttpResponse responseIntercept = execution.execute(requestIntercept, body); + responseIntercept.getHeaders().remove("set-cookie"); + return responseIntercept; + })); + try { return restTemplate.exchange(uri, HttpMethod.GET, httpEntity, byte[].class); diff --git a/openvidu-call/openvidu-call-back/src/controllers/RecordingController.ts b/openvidu-call/openvidu-call-back/src/controllers/RecordingController.ts index 78de3a7f..676024e4 100644 --- a/openvidu-call/openvidu-call-back/src/controllers/RecordingController.ts +++ b/openvidu-call/openvidu-call-back/src/controllers/RecordingController.ts @@ -143,6 +143,7 @@ export const proxyGETRecording = createProxyMiddleware({ onProxyReq: (proxyReq, req: Request, res: Response) => { const isAdminDashboard = openviduService.adminTokens.includes(req['session'].token); const sessionId = openviduService.getSessionIdFromCookie(req.cookies); + proxyReq.removeHeader('Cookie'); if ((!!sessionId && openviduService.isValidToken(sessionId, req.cookies)) || isAdminDashboard) { const recordingId: string = req.params.recordingId; if (!recordingId) { @@ -155,6 +156,9 @@ export const proxyGETRecording = createProxyMiddleware({ return res.status(403).send(JSON.stringify({ message: 'Permissions denied to drive recording' })); } }, + onProxyRes: (proxyRes, req: Request, res: Response) => { + proxyRes.headers['set-cookie'] = null; + }, onError: (error, req: Request, res: Response) => { console.log(error); const code = Number(error?.message);