Comparing version 2.0.1 to 2.0.2

8

HISTORY.md

@@ -0,1 +1,5 @@

# [2.0.2](https://github.com/EventSource/eventsource/compare/v2.0.1...v2.0.2)
* Do not include authorization and cookie headers on redirect to different origin ([#273](https://github.com/EventSource/eventsource/pull/273) Espen Hovlandsdal)
# [2.0.1](https://github.com/EventSource/eventsource/compare/v2.0.0...v2.0.1)

@@ -11,2 +15,6 @@

# [1.1.1](https://github.com/EventSource/eventsource/compare/v1.1.0...v1.1.1)
* Do not include authorization and cookie headers on redirect to different origin ([#273](https://github.com/EventSource/eventsource/pull/273) Espen Hovlandsdal)
# [1.1.0](https://github.com/EventSource/eventsource/compare/v1.0.7...v1.1.0)

@@ -13,0 +21,0 @@

50

lib/eventsource.js

@@ -19,2 +19,4 @@ var parse = require('url').parse

var maxBufferAheadAllocation = 1024 * 256
// Headers matching the pattern should be removed when redirecting to different origin
var reUnsafeHeader = /^(cookie|authorization)$/i

@@ -36,2 +38,4 @@ function hasBom (buf) {

var readyState = EventSource.CONNECTING
var headers = eventSourceInitDict && eventSourceInitDict.headers
var hasNewOrigin = false
Object.defineProperty(this, 'readyState', {

@@ -58,7 +62,8 @@ get: function () {

// The url may have been changed by a temporary
// redirect. If that's the case, revert it now.
// The url may have been changed by a temporary redirect. If that's the case,
// revert it now, and flag that we are no longer pointing to a new origin
if (reconnectUrl) {
url = reconnectUrl
reconnectUrl = null
hasNewOrigin = false
}

@@ -76,5 +81,5 @@ setTimeout(function () {

var lastEventId = ''
if (eventSourceInitDict && eventSourceInitDict.headers && eventSourceInitDict.headers['Last-Event-ID']) {
lastEventId = eventSourceInitDict.headers['Last-Event-ID']
delete eventSourceInitDict.headers['Last-Event-ID']
if (headers && headers['Last-Event-ID']) {
lastEventId = headers['Last-Event-ID']
delete headers['Last-Event-ID']
}

@@ -93,5 +98,6 @@

if (lastEventId) options.headers['Last-Event-ID'] = lastEventId
if (eventSourceInitDict && eventSourceInitDict.headers) {
for (var i in eventSourceInitDict.headers) {
var header = eventSourceInitDict.headers[i]
if (headers) {
var reqHeaders = hasNewOrigin ? removeUnsafeHeaders(headers) : headers
for (var i in reqHeaders) {
var header = reqHeaders[i]
if (header) {

@@ -156,3 +162,4 @@ options.headers[i] = header

if (res.statusCode === 301 || res.statusCode === 302 || res.statusCode === 307) {
if (!res.headers.location) {
var location = res.headers.location
if (!location) {
// Server sent redirect response without Location header.

@@ -162,4 +169,7 @@ _emit('error', new Event('error', {status: res.statusCode, message: res.statusMessage}))

}
var prevOrigin = new URL(url).origin
var nextOrigin = new URL(location).origin
hasNewOrigin = prevOrigin !== nextOrigin
if (res.statusCode === 307) reconnectUrl = url
url = res.headers.location
url = location
process.nextTick(connect)

@@ -473,1 +483,21 @@ return

}
/**
* Returns a new object of headers that does not include any authorization and cookie headers
*
* @param {Object} headers An object of headers ({[headerName]: headerValue})
* @return {Object} a new object of headers
* @api private
*/
function removeUnsafeHeaders (headers) {
var safe = {}
for (var key in headers) {
if (reUnsafeHeader.test(key)) {
continue
}
safe[key] = headers[key]
}
return safe
}
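Review bot: The origin comparison at `var prevOrigin = new URL(url).origin` / `hasNewOrigin = prevOrigin !== nextOrigin` is made against the current request URL rather than the URL the headers were configured for, so a cross-origin redirect followed by a same-origin redirect on the new host (A → B, then B → B/path, both 301/302) resets `hasNewOrigin` to false and the cookie/authorization headers are sent to B on the third request. Since 301/302 overwrite `url = location` permanently, `prevOrigin` after the first hop is already the foreign origin; only the 307 path restores the original via `reconnectUrl`. Keep the initial origin once, next to `var hasNewOrigin = false` in the constructor hunk, as `var initialOrigin = new URL(url).origin`, and compute `hasNewOrigin = new URL(location).origin !== initialOrigin` here, dropping `prevOrigin`. The `connect` callback that contains this code starts and ends outside the hunk, so if something there re-derives the origin this may already be covered, but nothing in the visible lines does.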

2

package.json
{
"name": "eventsource",
"version": "2.0.1",
"version": "2.0.2",
"description": "W3C compliant EventSource client for Node.js and browser (polyfill)",

@@ -5,0 +5,0 @@ "keywords": [

