make-fetch-happen - npm Package Compare versions

Comparing version 2.4.3 to 2.4.4

CHANGELOG.md

@@ -5,2 +5,12 @@ # Change Log
 
+<a name="2.4.4"></a>
+## [2.4.4](https://github.com/zkat/make-fetch-happen/compare/v2.4.3...v2.4.4) (2017-05-23)
+
+
+### Bug Fixes
+
+* **redirect:** handle redirects explicitly  (#27) ([4c4af54](https://github.com/zkat/make-fetch-happen/commit/4c4af54))
+
+
+
 <a name="2.4.3"></a>
@@ -7,0 +17,0 @@ ## [2.4.3](https://github.com/zkat/make-fetch-happen/compare/v2.4.2...v2.4.3) (2017-05-06)

index.js

 'use strict'
 
 let Cache
+const url = require('url')
 const CachePolicy = require('http-cache-semantics')
@@ -13,2 +14,3 @@ const fetch = require('node-fetch-npm')
 
+const isURL = /^https?:/
 const USER_AGENT = `${pkg.name}/${pkg.version} (+https://npm.im/${pkg.name})`
@@ -307,4 +309,5 @@
     method: opts.method,
-    redirect: opts.redirect,
+    redirect: 'manual',
     size: opts.size,
+    counter: opts.counter,
     timeout: opts.timeout
@@ -362,3 +365,55 @@ }
 
-          return res
+          if (!fetch.isRedirect(res.status) || opts.redirect === 'manual') {
+            return res
+          }
+
+          // handle redirects - matches behavior of npm-fetch: https://github.com/bitinn/node-fetch
+          if (opts.redirect === 'error') {
+            const err = new Error(`redirect mode is set to error: ${uri}`)
+            err.code = 'ENOREDIRECT'
+            throw err
+          }
+
+          if (!res.headers.get('location')) {
+            const err = new Error(`redirect location header missing at: ${uri}`)
+            err.code = 'EINVALIDREDIRECT'
+            throw err
+          }
+
+          if (req.counter >= req.follow) {
+            const err = new Error(`maximum redirect reached at: ${uri}`)
+            err.code = 'EMAXREDIRECT'
+            throw err
+          }
+
+          const resolvedUrl = url.resolve(req.url, res.headers.get('location'))
+          let redirectURL = url.parse(resolvedUrl)
+
+          if (isURL.test(res.headers.get('location'))) {
+            redirectURL = url.parse(res.headers.get('location'))
+          }
+
+          // Remove authorization if changing hostnames (but not if just
+          // changing ports or protocols).  This matches the behavior of request:
+          // https://github.com/request/request/blob/b12a6245/lib/redirect.js#L134-L138
+          if (url.parse(req.url).hostname !== redirectURL.hostname) {
+            req.headers.delete('authorization')
+          }
+
+          // for POST request with 301/302 response, or any request with 303 response,
+          // use GET when following redirect
+          if (res.status === 303 ||
+            ((res.status === 301 || res.status === 302) && req.method === 'POST')) {
+            opts.method = 'GET'
+            opts.body = null
+            req.headers.delete('content-length')
+          }
+
+          opts.headers = {}
+          req.headers.forEach((value, name) => {
+            opts.headers[name] = value
+          })
+
+          opts.counter = ++req.counter
+          return cachingFetch(resolvedUrl, opts)
         })
@@ -365,0 +420,0 @@ .catch(err => {

package.json

 {
   "name": "make-fetch-happen",
-  "version": "2.4.3",
+  "version": "2.4.4",
   "description": "Opinionated, caching, retrying fetch client",
@@ -5,0 +5,0 @@ "main": "index.js",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

57681

increased by4.22%

Lines of code

782

increased by6.25%

Worsened metrics

Number of medium supply chain risk alerts

16

increased by6.67%

No dependency changes