mirror of
https://github.com/fjogeleit/http-request-action.git
synced 2024-10-05 23:24:14 -04:00
parent
31fad16908
commit
046e838b3a
2 changed files with 96 additions and 90 deletions
37
dist/index.js
vendored
|
@ -4158,10 +4158,21 @@ RedirectableRequest.prototype._processResponse = function (response) {
|
|||
// the user agent MAY automatically redirect its request to the URI
|
||||
// referenced by the Location field value,
|
||||
// even if the specific status code is not understood.
|
||||
|
||||
// If the response is not a redirect; return it as-is
|
||||
var location = response.headers.location;
|
||||
if (location && this._options.followRedirects !== false &&
|
||||
statusCode >= 300 && statusCode < 400) {
|
||||
// Abort the current request
|
||||
if (!location || this._options.followRedirects === false ||
|
||||
statusCode < 300 || statusCode >= 400) {
|
||||
response.responseUrl = this._currentUrl;
|
||||
response.redirects = this._redirects;
|
||||
this.emit("response", response);
|
||||
|
||||
// Clean up
|
||||
this._requestBodyBuffers = [];
|
||||
return;
|
||||
}
|
||||
|
||||
// The response is a redirect, so abort the current request
|
||||
abortRequest(this._currentRequest);
|
||||
// Discard the remainder of the response to avoid waiting for data
|
||||
response.destroy();
|
||||
|
@ -4214,8 +4225,12 @@ RedirectableRequest.prototype._processResponse = function (response) {
|
|||
var redirectUrlParts = url.parse(redirectUrl);
|
||||
Object.assign(this._options, redirectUrlParts);
|
||||
|
||||
// Drop the confidential headers when redirecting to another domain
|
||||
if (!(redirectUrlParts.host === currentHost || isSubdomainOf(redirectUrlParts.host, currentHost))) {
|
||||
// Drop confidential headers when redirecting to a less secure protocol
|
||||
// or to a different domain that is not a superdomain
|
||||
if (redirectUrlParts.protocol !== currentUrlParts.protocol &&
|
||||
redirectUrlParts.protocol !== "https:" ||
|
||||
redirectUrlParts.host !== currentHost &&
|
||||
!isSubdomain(redirectUrlParts.host, currentHost)) {
|
||||
removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
|
||||
}
|
||||
|
||||
|
@ -4239,16 +4254,6 @@ RedirectableRequest.prototype._processResponse = function (response) {
|
|||
catch (cause) {
|
||||
this.emit("error", new RedirectionError(cause));
|
||||
}
|
||||
}
|
||||
else {
|
||||
// The response is not a redirect; return it as-is
|
||||
response.responseUrl = this._currentUrl;
|
||||
response.redirects = this._redirects;
|
||||
this.emit("response", response);
|
||||
|
||||
// Clean up
|
||||
this._requestBodyBuffers = [];
|
||||
}
|
||||
};
|
||||
|
||||
// Wraps the key/value object of protocols with redirect functionality
|
||||
|
@ -4381,7 +4386,7 @@ function abortRequest(request) {
|
|||
request.abort();
|
||||
}
|
||||
|
||||
function isSubdomainOf(subdomain, domain) {
|
||||
function isSubdomain(subdomain, domain) {
|
||||
const dot = subdomain.length - domain.length - 1;
|
||||
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
|
||||
}
|
||||
|
|
13
package-lock.json
generated
|
@ -5,6 +5,7 @@
|
|||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "http-request-action",
|
||||
"version": "1.9.0",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
|
@ -76,9 +77,9 @@
|
|||
}
|
||||
},
|
||||
"node_modules/follow-redirects": {
|
||||
"version": "1.14.8",
|
||||
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz",
|
||||
"integrity": "sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==",
|
||||
"version": "1.14.9",
|
||||
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz",
|
||||
"integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==",
|
||||
"funding": [
|
||||
{
|
||||
"type": "individual",
|
||||
|
@ -187,9 +188,9 @@
|
|||
"integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
|
||||
},
|
||||
"follow-redirects": {
|
||||
"version": "1.14.8",
|
||||
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz",
|
||||
"integrity": "sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA=="
|
||||
"version": "1.14.9",
|
||||
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz",
|
||||
"integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w=="
|
||||
},
|
||||
"form-data": {
|
||||
"version": "4.0.0",
|
||||
|
|