Closed
Description
openedon Mar 8, 2022
Which service(blob, file, queue, table) does this issue concern?
blob
Which version of the Azurite was used?
3.16
Where do you get Azurite? (npm, DockerHub, NuGet, Visual Studio Code Extension)
npm
What's the Node.js version?
16
What problem was encountered? When using azurite with @azure/storage-blob, BlobSharedKeyAuthenticator fails to validate signature due to case-sensitive header lookup
Steps to reproduce the issue?
Found when investigating Azure/azure-sdk-for-js#20690
Steps to reproduce the behavior:
- Clone repro case from https://github.com/nulltoken/AppInsights-azure-storage-blob-repro-case
- yarn
- yarn azurite:start (with loose mode enabled)
- yarn test
Debug logs are provided for both a healthy case (using lowercased headers) and a repro case (using original header casing)
debug_healthy.log
debug_repro.log
Have you found a mitigation/solution?
Downgrading to @azure/core-http@2.2.2 works as a mitigation, but is not possible for everyone.
According to the http spec and MDN, header names are case-insensitive. but it does not seem to be the case when using azurite to fetch the header fields used to create the signature in BlobSharedKeyAuthenticator and possible others, leading to failure to authenticate as shown in the attached logs...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment