Dependency Update (#41)

Dependency Update
Frank Jogeleit 2022-03-04 11:20:10 +01:00 committed by GitHub
parent 31fad16908
commit 046e838b3a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 96 additions and 90 deletions

37
dist/index.js vendored

@ -4158,10 +4158,21 @@ RedirectableRequest.prototype._processResponse = function (response) {
// the user agent MAY automatically redirect its request to the URI // the user agent MAY automatically redirect its request to the URI
// referenced by the Location field value, // referenced by the Location field value,
// even if the specific status code is not understood. // even if the specific status code is not understood.
// If the response is not a redirect; return it as-is
var location = response.headers.location; var location = response.headers.location;
if (location && this._options.followRedirects !== false && if (!location || this._options.followRedirects === false ||
statusCode >= 300 && statusCode < 400) { statusCode < 300 || statusCode >= 400) {
// Abort the current request response.responseUrl = this._currentUrl;
response.redirects = this._redirects;
this.emit("response", response);
// Clean up
this._requestBodyBuffers = [];
return;
}
// The response is a redirect, so abort the current request
abortRequest(this._currentRequest); abortRequest(this._currentRequest);
// Discard the remainder of the response to avoid waiting for data // Discard the remainder of the response to avoid waiting for data
response.destroy(); response.destroy();
@ -4214,8 +4225,12 @@ RedirectableRequest.prototype._processResponse = function (response) {
var redirectUrlParts = url.parse(redirectUrl); var redirectUrlParts = url.parse(redirectUrl);
Object.assign(this._options, redirectUrlParts); Object.assign(this._options, redirectUrlParts);
// Drop the confidential headers when redirecting to another domain // Drop confidential headers when redirecting to a less secure protocol
if (!(redirectUrlParts.host === currentHost || isSubdomainOf(redirectUrlParts.host, currentHost))) { // or to a different domain that is not a superdomain
if (redirectUrlParts.protocol !== currentUrlParts.protocol &&
redirectUrlParts.protocol !== "https:" ||
redirectUrlParts.host !== currentHost &&
!isSubdomain(redirectUrlParts.host, currentHost)) {
removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers); removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers);
} }
@ -4239,16 +4254,6 @@ RedirectableRequest.prototype._processResponse = function (response) {
catch (cause) { catch (cause) {
this.emit("error", new RedirectionError(cause)); this.emit("error", new RedirectionError(cause));
} }
}
else {
// The response is not a redirect; return it as-is
response.responseUrl = this._currentUrl;
response.redirects = this._redirects;
this.emit("response", response);
// Clean up
this._requestBodyBuffers = [];
}
}; };
// Wraps the key/value object of protocols with redirect functionality // Wraps the key/value object of protocols with redirect functionality
@ -4381,7 +4386,7 @@ function abortRequest(request) {
request.abort(); request.abort();
} }
function isSubdomainOf(subdomain, domain) { function isSubdomain(subdomain, domain) {
const dot = subdomain.length - domain.length - 1; const dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
} }

13
package-lock.json generated

@ -5,6 +5,7 @@
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "http-request-action",
"version": "1.9.0", "version": "1.9.0",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
@ -76,9 +77,9 @@
} }
}, },
"node_modules/follow-redirects": { "node_modules/follow-redirects": {
"version": "1.14.8", "version": "1.14.9",
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz",
"integrity": "sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==", "integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==",
"funding": [ "funding": [
{ {
"type": "individual", "type": "individual",
@ -187,9 +188,9 @@
"integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=" "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
}, },
"follow-redirects": { "follow-redirects": {
"version": "1.14.8", "version": "1.14.9",
"resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.9.tgz",
"integrity": "sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA==" "integrity": "sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w=="
}, },
"form-data": { "form-data": {
"version": "4.0.0", "version": "4.0.0",