Comparing version 5.0.0 to 5.0.1
index.js
@@ -39,5 +39,6 @@ module.exports = extend() | ||
const { hostname, port, protocol, auth, path } = url.parse(opts.url) // eslint-disable-line node/no-deprecated-api | ||
if (!hostname && !port && !protocol && !auth) opts.path = path // Relative redirect | ||
if (!hostname && !port && !protocol && !auth) opts.path = path // Relative path with hostname set | ||
else Object.assign(opts, { hostname, port, protocol, auth, path }) // Absolute redirect | ||
} | ||
const originalRequest = { hostname: opts.hostname, port: opts.port, protocol: opts.protocol, auth: opts.auth, path: opts.path } | ||
opts = opts.beforeRequest(opts) | ||
@@ -62,3 +63,2 @@ | ||
const originalHost = opts.hostname // hostname before potential redirect | ||
const protocol = opts.protocol === 'https:' ? https : http // Support http/https urls | ||
@@ -95,7 +95,10 @@ const chunks = [] | ||
res.resume() // Discard response, consume data until the end to free up memory. Mandatory! | ||
opts.url = res.headers.location // Follow 3xx redirects | ||
delete opts.headers.host // Discard `host` header on redirect (see #32) | ||
const redirectHost = url.parse(opts.url).hostname // eslint-disable-line node/no-deprecated-api | ||
// If redirected host is different than original host, drop headers to prevent cookie leak (#73) | ||
if (redirectHost !== null && redirectHost !== originalHost) { | ||
opts.url = res.headers.location | ||
const redirectTo = url.parse(opts.url) // eslint-disable-line node/no-deprecated-api | ||
if (redirectTo.hostname === null) { // relative redirect | ||
opts.url = null | ||
Object.assign(opts, originalRequest) | ||
opts.path = redirectTo.path | ||
} else if (redirectTo.hostname !== originalRequest.hostname) { // If redirected host is different than original host, drop headers to prevent cookie leak (#73) | ||
delete opts.headers.cookie | ||
@@ -102,0 +105,0 @@ delete opts.headers.authorization |
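Review bot: The cross-host check `else if (redirectTo.hostname !== originalRequest.hostname)` compares hostnames only, so a redirect to the same host on another scheme or port (for example `https:` to `http:`) keeps `cookie` and `authorization`, which can then travel in cleartext or reach a different service. Treat a protocol or port change as cross-origin too: `} else if (redirectTo.hostname !== originalRequest.hostname || redirectTo.protocol !== originalRequest.protocol || redirectTo.port !== originalRequest.port) {`. The port comparison probably needs normalising first, since `url.parse` yields a string or `null` for a default port, while a caller-supplied `opts.port` may be a number. Separately, the relative-redirect branch restores `originalRequest`, which is captured before `opts.beforeRequest(opts)` runs, so any hostname, port or path rewritten by the hook is reset there; a short comment saying this is intentional would help. The enclosing function starts and ends outside these hunks.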
{ | ||
"name": "rock-req", | ||
"description": "Zero dependencies (160 LOC) & rock-solid request library: http/https, reliable retry on failure, redirects, gzip/deflate/brotli, extensible, proxy, streams, JSON mode, forms, timeout", | ||
"version": "5.0.0", | ||
"version": "5.0.1", | ||
"author": { | ||
@@ -6,0 +6,0 @@ "name": "David Grelaud & Feross Aboukhadijeh" |
@@ -10,8 +10,11 @@ | ||
[![javascript style guide][standard-image]][standard-url] | ||
[![npm][npm-image]][npm-url] [![ci][ci-image]][ci-url] [![javascript style guide][standard-image]][standard-url] | ||
[standard-image]: https://img.shields.io/badge/code_style-standard-brightgreen.svg | ||
[standard-url]: https://standardjs.com | ||
[npm-image]: https://img.shields.io/npm/v/rock-req.svg | ||
[npm-url]: https://npmjs.org/package/rock-req | ||
[ci-url]: https://github.com/carboneio/rock-req/actions | ||
[ci-image]: https://img.shields.io/github/actions/workflow/status/carboneio/rock-req/ci.yml?branch=master | ||
## 🔥 Why should you need this? | ||
@@ -234,3 +237,3 @@ | ||
The callback is called when all the request succeed or all retries are done | ||
The callback is called when the request succeed or all retries are done | ||
@@ -321,3 +324,3 @@ ```js | ||
`beforeRequest` is always called on each redirect/retry. | ||
- on redirect, `opts.url` (and `hostname`, `port`, `protocol`, `path`) is updated to the new location | ||
- on redirect, `opts.url` (and `hostname`, `port`, `protocol`, `path`) is updated to the new location. `opts.url` is null if it is a relative redirect. | ||
- on retry, `opts.url` (and `hostname`, `port`, `protocol`, `path`) have the same value as they did | ||
@@ -334,3 +337,3 @@ when the rock-req was initially called. | ||
opts.port = 80; | ||
opts.path = `${encodeURIComponent(hostname)}/${port}${path}`; | ||
opts.path = `${hostname}/${port}${path}`; | ||
return opts; | ||
@@ -337,0 +340,0 @@ }, |