node-fetch
Comparing version 3.2.8 to 3.2.9
/// <reference types="node" /> | ||
/// <reference lib="dom" /> | ||
@@ -4,0 +3,0 @@ import {RequestOptions} from 'http'; |
{ | ||
"name": "node-fetch", | ||
"version": "3.2.8", | ||
"version": "3.2.9", | ||
"description": "A light-weight module that brings Fetch API to node.js", | ||
@@ -5,0 +5,0 @@ "main": "./src/index.js", |
@@ -445,3 +445,3 @@ <div align="center"> | ||
The minium requirement is that it has: | ||
The minimum requirement is that it has: | ||
1. A `Symbol.toStringTag` getter or property that is either `Blob` or `File` | ||
@@ -448,0 +448,0 @@ 2. A known size. |
@@ -25,3 +25,3 @@ /** | ||
import {FormData} from 'formdata-polyfill/esm.min.js'; | ||
import {isDomainOrSubdomain} from './utils/is.js'; | ||
import {isDomainOrSubdomain, isSameProtocol} from './utils/is.js'; | ||
import {parseReferrerPolicyFromHeader} from './utils/referrer.js'; | ||
@@ -207,3 +207,6 @@ import { | ||
// will forward the sensitive headers, but a redirect to "bar.com" will not. | ||
if (!isDomainOrSubdomain(request.url, locationURL)) { | ||
// headers will also be ignored when following a redirect to a domain using | ||
// a different protocol. For example, a redirect from "https://foo.com" to "http://foo.com" | ||
// will not forward the sensitive headers | ||
if (!isDomainOrSubdomain(request.url, locationURL) || !isSameProtocol(request.url, locationURL)) { | ||
for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) { | ||
@@ -210,0 +213,0 @@ requestOptions.headers.delete(name); |
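Review bot: The extended `if` condition now checks host and protocol but, as far as this hunk shows, not the port, so a redirect to the same host on a different port would still carry `authorization` and `cookie`. Whether `isDomainOrSubdomain` already considers the port is not visible here and should be confirmed; if it does not, a port comparison alongside `isSameProtocol` would close that gap. The three added comment lines also start mid-sentence; they would read better as `// Sensitive headers are also dropped when the redirect changes protocol, e.g. "https://foo.com" -> "http://foo.com".` The enclosing function and the loop body continue outside the hunk.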
@@ -74,1 +74,15 @@ /** | ||
}; | ||
/** | ||
* isSameProtocol reports whether the two provided URLs use the same protocol. | ||
* | ||
* Both domains must already be in canonical form. | ||
* @param {string|URL} original | ||
* @param {string|URL} destination | ||
*/ | ||
export const isSameProtocol = (destination, original) => { | ||
const orig = new URL(original).protocol; | ||
const dest = new URL(destination).protocol; | ||
return orig === dest; | ||
}; |
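Review bot: The signature of `isSameProtocol` takes `(destination, original)`, while its JSDoc lists `original` first and the call shown on this page passes `request.url` first, so inside the function the two names are swapped relative to what the caller means. The result is unaffected because the comparison is symmetric, but the signature should read `export const isSameProtocol = (original, destination) => {` so the documentation and the code agree. The docblock line "Both domains must already be in canonical form" describes hosts rather than URLs; something like `Both arguments must be absolute URLs; new URL() throws a TypeError otherwise.` would be more accurate, and a `@returns {boolean}` line is missing.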