node-fetch
Advanced tools
Comparing version 2.6.6 to 2.6.7
@@ -1404,6 +1404,14 @@ process.emitWarning("The .es.js file is deprecated. Use .mjs instead."); | ||
const URL$1 = Url.URL || whatwgUrl.URL; | ||
// fix an issue where "PassThrough", "resolve" aren't a named export for node <10 | ||
const PassThrough$1 = Stream.PassThrough; | ||
const resolve_url = Url.resolve; | ||
const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) { | ||
const orig = new URL$1(original).hostname; | ||
const dest = new URL$1(destination).hostname; | ||
return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest); | ||
}; | ||
/** | ||
@@ -1495,3 +1503,15 @@ * Fetch function | ||
// HTTP fetch step 5.3 | ||
const locationURL = location === null ? null : resolve_url(request.url, location); | ||
let locationURL = null; | ||
try { | ||
locationURL = location === null ? null : new URL$1(location, request.url).toString(); | ||
} catch (err) { | ||
// error here can only be invalid URL in Location: header | ||
// do not throw when options.redirect == manual | ||
// let the user extract the errorneous redirect URL | ||
if (request.redirect !== 'manual') { | ||
reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect')); | ||
finalize(); | ||
return; | ||
} | ||
} | ||
@@ -1544,2 +1564,8 @@ // HTTP fetch step 5.5 | ||
if (!isDomainOrSubdomain(request.url, locationURL)) { | ||
for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) { | ||
requestOpts.headers.delete(name); | ||
} | ||
} | ||
// HTTP-redirect fetch step 9 | ||
@@ -1546,0 +1572,0 @@ if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) { |
@@ -1408,6 +1408,14 @@ 'use strict'; | ||
const URL$1 = Url.URL || whatwgUrl.URL; | ||
// fix an issue where "PassThrough", "resolve" aren't a named export for node <10 | ||
const PassThrough$1 = Stream.PassThrough; | ||
const resolve_url = Url.resolve; | ||
const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) { | ||
const orig = new URL$1(original).hostname; | ||
const dest = new URL$1(destination).hostname; | ||
return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest); | ||
}; | ||
/** | ||
@@ -1499,3 +1507,15 @@ * Fetch function | ||
// HTTP fetch step 5.3 | ||
const locationURL = location === null ? null : resolve_url(request.url, location); | ||
let locationURL = null; | ||
try { | ||
locationURL = location === null ? null : new URL$1(location, request.url).toString(); | ||
} catch (err) { | ||
// error here can only be invalid URL in Location: header | ||
// do not throw when options.redirect == manual | ||
// let the user extract the errorneous redirect URL | ||
if (request.redirect !== 'manual') { | ||
reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect')); | ||
finalize(); | ||
return; | ||
} | ||
} | ||
@@ -1548,2 +1568,8 @@ // HTTP fetch step 5.5 | ||
if (!isDomainOrSubdomain(request.url, locationURL)) { | ||
for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) { | ||
requestOpts.headers.delete(name); | ||
} | ||
} | ||
// HTTP-redirect fetch step 9 | ||
@@ -1550,0 +1576,0 @@ if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) { |
{ | ||
"name": "node-fetch", | ||
"version": "2.6.6", | ||
"version": "2.6.7", | ||
"description": "A light-weight module that brings window.fetch to node.js", | ||
@@ -42,2 +42,10 @@ "main": "lib/index.js", | ||
}, | ||
"peerDependencies": { | ||
"encoding": "^0.1.0" | ||
}, | ||
"peerDependenciesMeta": { | ||
"encoding": { | ||
"optional": true | ||
} | ||
}, | ||
"devDependencies": { | ||
@@ -44,0 +52,0 @@ "@ungap/url-search-params": "^0.1.2", |
Sorry, the diff of this file is not supported yet
152240
4396
2