follow-redirects - npm Package Compare versions

Comparing version 1.10.0 to 1.11.0

index.js

@@ -338,5 +338,4 @@ var url = require("url");
     // Drop the Host header, as the redirect might lead to a different host
-    if (!this._isRedirect) {
-      removeMatchingHeaders(/^host$/i, this._options.headers);
-    }
+    var previousHostName = removeMatchingHeaders(/^host$/i, this._options.headers) ||
+      url.parse(this._currentUrl).hostname;
 
@@ -347,4 +346,10 @@ // Create the redirected request
     this._isRedirect = true;
-    Object.assign(this._options, url.parse(redirectUrl));
+    var redirectUrlParts = url.parse(redirectUrl);
+    Object.assign(this._options, redirectUrlParts);
 
+    // Drop the Authorization header if redirecting to another host
+    if (redirectUrlParts.hostname !== previousHostName) {
+      removeMatchingHeaders(/^authorization$/i, this._options.headers);
+    }
+
     // Evaluate the beforeRedirect callback
@@ -470,7 +475,10 @@ if (typeof this._options.beforeRedirect === "function") {
 function removeMatchingHeaders(regex, headers) {
+  var lastValue;
   for (var header in headers) {
     if (regex.test(header)) {
+      lastValue = headers[header];
       delete headers[header];
     }
   }
+  return lastValue;
 }
@@ -477,0 +485,0 @@

package.json

 {
   "name": "follow-redirects",
-  "version": "1.10.0",
+  "version": "1.11.0",
   "description": "HTTP and HTTPS modules that follow redirects.",
@@ -5,0 +5,0 @@ "license": "MIT",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

23524

increased by1.53%

Lines of code

448

increased by1.59%

No dependency changes