eventsource
Advanced tools
Comparing version 1.1.0 to 1.1.1
@@ -0,1 +1,5 @@ | ||
| # [1.1.1](https://github.com/EventSource/eventsource/compare/v1.1.0...v1.1.1) | ||
| * Do not include authorization and cookie headers on redirect to different origin ([#273](https://github.com/EventSource/eventsource/pull/273) Espen Hovlandsdal) | ||
| # [1.1.0](https://github.com/EventSource/eventsource/compare/v1.0.7...v1.1.0) | ||
@@ -2,0 +6,0 @@ |
@@ -34,2 +34,4 @@ var original = require('original') | ||
| var readyState = EventSource.CONNECTING | ||
| var headers = eventSourceInitDict && eventSourceInitDict.headers | ||
| var hasNewOrigin = false | ||
| Object.defineProperty(this, 'readyState', { | ||
@@ -56,7 +58,8 @@ get: function () { | ||
| // The url may have been changed by a temporary | ||
| // redirect. If that's the case, revert it now. | ||
| // The url may have been changed by a temporary redirect. If that's the case, | ||
| // revert it now, and flag that we are no longer pointing to a new origin | ||
| if (reconnectUrl) { | ||
| url = reconnectUrl | ||
| reconnectUrl = null | ||
| hasNewOrigin = false | ||
| } | ||
@@ -74,5 +77,5 @@ setTimeout(function () { | ||
| var lastEventId = '' | ||
| if (eventSourceInitDict && eventSourceInitDict.headers && eventSourceInitDict.headers['Last-Event-ID']) { | ||
| lastEventId = eventSourceInitDict.headers['Last-Event-ID'] | ||
| delete eventSourceInitDict.headers['Last-Event-ID'] | ||
| if (headers && headers['Last-Event-ID']) { | ||
| lastEventId = headers['Last-Event-ID'] | ||
| delete headers['Last-Event-ID'] | ||
| } | ||
@@ -91,5 +94,6 @@ | ||
| if (lastEventId) options.headers['Last-Event-ID'] = lastEventId | ||
| if (eventSourceInitDict && eventSourceInitDict.headers) { | ||
| for (var i in eventSourceInitDict.headers) { | ||
| var header = eventSourceInitDict.headers[i] | ||
| if (headers) { | ||
| var reqHeaders = hasNewOrigin ? removeUnsafeHeaders(headers) : headers | ||
| for (var i in reqHeaders) { | ||
| var header = reqHeaders[i] | ||
| if (header) { | ||
@@ -154,3 +158,4 @@ options.headers[i] = header | ||
| if (res.statusCode === 301 || res.statusCode === 302 || res.statusCode === 307) { | ||
| if (!res.headers.location) { | ||
| var location = res.headers.location | ||
| if (!location) { | ||
| // Server sent redirect response without Location header. | ||
@@ -160,4 +165,7 @@ _emit('error', new Event('error', {status: res.statusCode, message: res.statusMessage})) | ||
| } | ||
| var prevOrigin = original(url) | ||
| var nextOrigin = original(location) | ||
| hasNewOrigin = prevOrigin !== nextOrigin | ||
| if (res.statusCode === 307) reconnectUrl = url | ||
| url = res.headers.location | ||
| url = location | ||
| process.nextTick(connect) | ||
@@ -452,1 +460,21 @@ return | ||
| } | ||
| /** | ||
| * Returns a new object of headers that does not include any authorization and cookie headers | ||
| * | ||
| * @param {Object} headers An object of headers ({[headerName]: headerValue}) | ||
| * @return {Object} a new object of headers | ||
| * @api private | ||
| */ | ||
| function removeUnsafeHeaders (headers) { | ||
| var safe = {} | ||
| for (var key in headers) { | ||
| if (/^(cookie|authorization)$/i.test(key)) { | ||
| continue | ||
| } | ||
| safe[key] = headers[key] | ||
| } | ||
| return safe | ||
| } |
| { | ||
| "name": "eventsource", | ||
| "version": "1.1.0", | ||
| "version": "1.1.1", | ||
| "description": "W3C compliant EventSource client for Node.js and browser (polyfill)", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
Sorry, the diff of this file is too big to display
No alert changes
Improved metrics
- Total package byte prevSize
- increased by3.89%
328802
- Lines of code
- increased by3.35%
9335
No dependency changes