Skip to content

Implement suggested @cellix/service-blob-storage enhancements #291

Description

@nnoce14
  1. suggestion (bug_risk): Canonical header trimming doesn’t fully match Azure’s normalization rules.

packages/cellix/service-blob-storage/src/auth-header-generator.ts

The spec requires trimming leading/trailing whitespace on header values and collapsing sequential spaces into a single space. This implementation only uses trimEnd() on the name and trimStart() on the value, and doesn’t normalize internal whitespace, which can make signatures fragile if callers pass in preformatted headers. Consider using trim() on both the header name and value, and optionally normalizing internal runs of spaces in values to fully match Azure’s rules.

Suggested implementation:

	 * 5. Trim leading/trailing whitespace on header names and values
	 * 6. Collapse sequential whitespace in values to a single space
	 * 7. Append newline to each
	 */
		// Format as "name:value\n"
		return unique
			.map(([name, value]) => {
				const normalizedName = name.trim();
				const normalizedValue = value
					.trim()
					.replace(/\s+/g, ' ');

				return `${normalizedName}:${normalizedValue}\n`;
			})
			.join(''); 
  1. question (bug_risk): Including blob-type and content-length for GET requests may be stricter than necessary.

packages/cellix/service-blob-storage/src/client-upload-signer.ts

	private createAuthorizationHeader(request: CreateBlobAuthorizationHeaderRequest, method: 'PUT' | 'GET'): BlobUploadAuthorizationHeader {
		const url = this.buildBlobUrl(request.containerName, request.blobName);

		// Build headers dict for signing
		const headers: Record<string, string> = {

Because createAuthorizationHeader always includes x-ms-blob-type, Content-Type, and Content-Length (even for GET), consumers must send these exact headers on their GET requests or the signature will not match. Consider either branching on HTTP method so GET signatures only cover the minimal required headers, or clearly documenting that clients must include these same headers on GET requests for the auth to succeed.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Fields

No fields configured for Feature.

Projects

Status
Todo

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions