in aws_secretsmanager_agent/src/server.rs [223:244]
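/// Decides whether `req` may be served, based on its path and headers.
///
/// The checks run in this order:
/// 1. A request whose path is exactly `/ping` is accepted without any token.
/// 2. A request carrying an `X-Forwarded-For` header is rejected.
/// 3. The request is accepted if any header named in `self.ssrf_headers` carries a value
///    equal to `self.ssrf_token`.
///
/// # Errors
///
/// Returns `HttpError(400, "Forwarded")` when `X-Forwarded-For` is present and
/// `HttpError(403, "Bad Token")` when no configured header carries the expected token.
/// Both rejections are logged with `error!`; the supplied token value is never logged.
fn validate_token(&self, req: &Request<IncomingBody>) -> Result<(), HttpError> {
    /// Compares a supplied header value with the expected token without stopping at the
    /// first differing byte, so the time taken does not depend on how long a prefix the
    /// caller guessed correctly. The length check is not secret-dependent.
    ///
    /// Best effort only: the compiler is not obliged to keep this constant-time. A vetted
    /// constant-time primitive is the stronger choice if the project can take one.
    fn token_matches(supplied: &[u8], expected: &[u8]) -> bool {
        let diff = supplied
            .iter()
            .zip(expected)
            .fold(0u8, |acc, (a, b)| acc | (a ^ b));
        supplied.len() == expected.len() && diff == 0
    }

    // Health checks are deliberately exempt from both header checks below.
    if req.uri().path() == "/ping" {
        return Ok(());
    }

    // Prohibit forwarding.
    // NOTE(review): only `X-Forwarded-For` is inspected; the standardized `Forwarded`
    // header is not covered here. Confirm whether that is intentional.
    let headers = req.headers();
    if headers.contains_key("X-Forwarded-For") {
        error!("Rejecting request with X-Forwarded-For header");
        return Err(HttpError(400, "Forwarded".into()));
    }

    // Look for the token under each configured header name. `get` replaces the
    // `contains_key` + index pair with a single lookup that has no panic path.
    let expected = self.ssrf_token.as_str().as_bytes();
    for header in self.ssrf_headers.iter() {
        if let Some(value) = headers.get(header) {
            if token_matches(value.as_bytes(), expected) {
                return Ok(());
            }
        }
    }

    error!("Rejecting request with incorrect SSRF token");
    Err(HttpError(403, "Bad Token".into()))
}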