Big News: Socket Selected for OpenAI's Cybersecurity Grant Program.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

xmlhttprequest

Package Overview
Dependencies
Maintainers
1
Versions
11
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

xmlhttprequest - npm Package Compare versions

Comparing version
1.4.2
 to
1.5.0
+17
-2
lib/XMLHttpRequest.js

@@ -34,2 +34,6 @@ /**

// Disable header blacklist.
// Not part of XHR specs.
var disableHeaderCheck = false;
// Set some default headers

@@ -121,3 +125,3 @@ var defaultHeaders = {

var isAllowedHttpHeader = function(header) {
return (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
};

@@ -170,2 +174,12 @@

/**
* Disables or enables isAllowedHttpHeader() check the request. Enabled by default.
* This does not conform to the W3C spec.
*
* @param boolean state Enable or disable header checking.
*/
this.setDisableHeaderCheck = function(state) {
disableHeaderCheck = state;
}
/**
* Sets a header for the request.

@@ -352,3 +366,4 @@ *

method: settings.method,
headers: headers
headers: headers,
agent: false
};

@@ -355,0 +370,0 @@ 

+4
-4
package.json
{
"name": "xmlhttprequest"
, "description": "XMLHttpRequest for Node"
, "version": "1.4.2"
, "version": "1.5.0"
, "author": {
"name": "Dan DeFelippi"
, "url": "http://driverdan.com"
, "url": "http://driverdan.com"
}

@@ -12,7 +12,7 @@ , "keywords": ["xhr", "ajax"]

"type": "MIT"
, "url": "http://creativecommons.org/licenses/MIT/"
, "url": "http://creativecommons.org/licenses/MIT/"
}]
, "repository": {
"type": "git"
, "url": "git://github.com/driverdan/node-XMLHttpRequest.git"
, "url": "git://github.com/driverdan/node-XMLHttpRequest.git"
}

@@ -19,0 +19,0 @@ , "bugs": "http://github.com/driverdan/node-XMLHttpRequest/issues"

+16
-1
tests/test-headers.js

@@ -11,2 +11,6 @@ var sys = require("util")

assert.equal("Foobar", req.headers["x-test"]);
// Test non-conforming allowed header
assert.equal("node-XMLHttpRequest-test", req.headers["user-agent"]);
// Test header set with blacklist disabled
assert.equal("http://github.com", req.headers["referer"]);

@@ -21,2 +25,3 @@ var body = "Hello World";

"Set-Cookie2": "bar=baz",
"Date": "Thu, 30 Aug 2012 18:17:53 GMT",
"Connection": "close"

@@ -33,3 +38,3 @@ });

// Test getAllResponseHeaders()
var headers = "content-type: text/plain\r\ncontent-length: 11\r\nconnection: close";
var headers = "content-type: text/plain\r\ncontent-length: 11\r\ndate: Thu, 30 Aug 2012 18:17:53 GMT\r\nconnection: close";
assert.equal(headers, this.getAllResponseHeaders());

@@ -59,4 +64,14 @@

xhr.setRequestHeader("Content-Length", 0);
// Allowed header outside of specs
xhr.setRequestHeader("user-agent", "node-XMLHttpRequest-test");
// Test getRequestHeader
assert.equal("Foobar", xhr.getRequestHeader("X-Test"));
// Test invalid header
assert.equal("", xhr.getRequestHeader("Content-Length"));
// Test allowing all headers
xhr.setDisableHeaderCheck(true);
xhr.setRequestHeader("Referer", "http://github.com");
assert.equal("http://github.com", xhr.getRequestHeader("Referer"));
xhr.send();

@@ -63,0 +78,0 @@ } catch(e) {