fix(7f6e476e-M-24): Web2json: remove REQUEST-scoped User-Agent forwarding; keep outbound headers from requestBody only

adg-flare · LukaAvbreht · commit 1e921b6fef21 · 2026-04-29T12:10:12.000Z
diff --git a/src/services/web2-json-verifier.service.ts b/src/services/web2-json-verifier.service.ts
@@ -1,10 +1,4 @@
-import {
-  HttpException,
-  HttpStatus,
-  Inject,
-  Injectable,
-  Logger,
-} from '@nestjs/common';
+import { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common';
 import { ConfigService } from '@nestjs/config';
 import {
   AttestationResponseDTO_Web2Json_Response,
@@ -20,8 +14,6 @@ import { verifyWeb2Json } from '../verification/web-2-json/web2-json-verificatio
 import { BaseVerifierService } from './common/verifier-base.service';
 import { Web2JsonConfig } from 'src/config/interfaces/web2-json';
 import { IConfig } from 'src/config/interfaces/common';
-import { REQUEST } from '@nestjs/core';
-import { Request } from 'express';
 import { ProcessPoolService } from '../verification/web-2-json/process-pool.service';
 import {
   BackpressureException,
@@ -41,7 +33,6 @@ export class Web2JsonVerifierService extends BaseVerifierService<
   constructor(
     protected configService: ConfigService<IConfig>,
     private readonly processPool: ProcessPoolService,
-    @Inject(REQUEST) private readonly req: Request,
   ) {
     super(configService, 'Web2Json', VerifierType.Web2);
     this.web2JsonConfig = this.configService.get('web2JsonConfig');
@@ -85,16 +76,13 @@ export class Web2JsonVerifierService extends BaseVerifierService<
       throw new BackpressureException();
     }
 
-    // store user-agent if available
-    const userAgent: string = this.req.headers['user-agent'] || undefined;
     const sourceConfig = this.web2JsonConfig.sources.find(
       (s) => encodeAttestationName(s.sourceId) === fixedRequest.sourceId,
     );
     const result = await verifyWeb2Json(
       fixedRequest,
       this.web2JsonConfig.securityParams,
       sourceConfig,
-      userAgent,
       this.processPool,
     );
     this.logger.debug(
diff --git a/src/verification/web-2-json/validate-request.ts b/src/verification/web-2-json/validate-request.ts
@@ -36,7 +36,6 @@ export async function parseAndValidateRequest(
   request: Web2Json_Request,
   securityParams: Web2JsonSecurityParams,
   source: Web2JsonSource,
-  userAgent: string,
 ) {
   const requestBody = request.requestBody;
   let parsedUrl: URL;
@@ -56,10 +55,6 @@ export async function parseAndValidateRequest(
       securityParams.maxHeaders,
       AttestationResponseStatus.INVALID_HEADERS,
     ) ?? {};
-  // forward user-agent
-  if (userAgent) {
-    sourceHeaders['User-Agent'] = userAgent;
-  }
   // validate query params
   const sourceQueryParams =
     parseJsonWithDepthAndKeysValidation(
diff --git a/src/verification/web-2-json/web2-json-verifications.ts b/src/verification/web-2-json/web2-json-verifications.ts
@@ -44,15 +44,13 @@ export async function verifyWeb2Json(
   request: Web2Json_Request,
   securityParams: Web2JsonSecurityParams,
   source: Web2JsonSource,
-  userAgent: string | undefined,
   workerPool: ProcessPoolService,
 ): Promise<VerificationResponse<Web2Json_Response>> {
   try {
     const parsedRequest = await parseAndValidateRequest(
       request,
       securityParams,
       source,
-      userAgent,
     );
 
     const sourceResponse = await executeRequest(
