fix and tests

This commit is contained in:
Bryan MacFarlane 2020-04-23 16:26:28 -04:00
parent ab10999b09
commit fbd137758a
2 changed files with 54 additions and 0 deletions


@ -179,6 +179,50 @@ describe('basics', () => {
done() done()
}) })
it('does not pass auth with diff hostname redirects', async done => {
let headers = {
"accept": "application/json",
"authorization": "shhh"
}
let res: httpm.HttpClientResponse = await _http.get(
'https://httpbin.org/redirect-to?url=' +
encodeURIComponent('https://www.httpbin.org/get'),
headers
)
expect(res.message.statusCode).toBe(200)
let body: string = await res.readBody()
let obj: any = JSON.parse(body)
// httpbin "fixes" the casing
expect(obj.headers["Authorization"]).toBeUndefined()
expect(obj.headers["authorization"]).toBeUndefined()
expect(obj.url).toBe('https://www.httpbin.org/get')
done()
})
it('does not pass Auth with diff hostname redirects', async done => {
let headers = {
"Accept": "application/json",
"Authorization": "shhh"
}
let res: httpm.HttpClientResponse = await _http.get(
'https://httpbin.org/redirect-to?url=' +
encodeURIComponent('https://www.httpbin.org/get'),
headers
)
expect(res.message.statusCode).toBe(200)
let body: string = await res.readBody()
let obj: any = JSON.parse(body)
// httpbin "fixes" the casing
expect(obj.headers["Authorization"]).toBeUndefined()
expect(obj.headers["authorization"]).toBeUndefined()
expect(obj.url).toBe('https://www.httpbin.org/get')
done()
})
it('does basic head request', async done => { it('does basic head request', async done => {
let res: httpm.HttpClientResponse = await _http.head( let res: httpm.HttpClientResponse = await _http.head(
'http://httpbin.org/get' 'http://httpbin.org/get'
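Review bot: Both new tests cover only the cross-host case, so nothing guards the other branch of the new client logic — that a redirect staying on `httpbin.org` still forwards the `authorization` header — nor the `https` → `http` redirect on the same host, which the hostname-only comparison in the client hunk below does not strip. A same-host case such as `encodeURIComponent('https://httpbin.org/get')` with `expect(obj.headers["Authorization"]).toBe("shhh")` would pin the intended behaviour on both sides. The two tests differ only in header-name casing; if this is Jest, a table-driven `it.each([['authorization'], ['Authorization']], ...)` would remove the duplicated body. Like the neighbouring tests these hit the live httpbin.org service, so a failure may be a network flake rather than a regression. The enclosing `describe('basics', …)` block starts and ends outside the hunk.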


@ -386,6 +386,16 @@ export class HttpClient {
// which will leak the open socket. // which will leak the open socket.
await response.readBody() await response.readBody()
// strip authorization header if redirected to a different hostname
if (parsedRedirectUrl.hostname !== parsedUrl.hostname) {
for(let header in headers){
// header names are case insensitive
if (header.toLowerCase() === "authorization") {
delete headers[header]
}
}
}
// let's make the request with the new redirectUrl // let's make the request with the new redirectUrl
info = this._prepareRequest(verb, parsedRedirectUrl, headers) info = this._prepareRequest(verb, parsedRedirectUrl, headers)
response = await this.requestRaw(info, data) response = await this.requestRaw(info, data)
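Review bot: The new check `if (parsedRedirectUrl.hostname !== parsedUrl.hostname)` compares only the hostname, so a redirect from `https://host` to `http://host` (or to a different port on the same host) still forwards the Authorization header — over plaintext in the downgrade case. If `parsedUrl` and `parsedRedirectUrl` are WHATWG `URL` objects (their construction is outside the hunk), `if (parsedRedirectUrl.origin !== parsedUrl.origin) {` covers protocol, host and port in one comparison; otherwise compare `protocol` and `host` explicitly alongside `hostname`. Note also that `delete headers[header]` mutates the caller-supplied headers object rather than a per-request copy, which the new tests happen to tolerate; either copy the object before deleting or state the side effect with a comment such as `// strips the key from the caller's headers object for the remainder of this request`. The enclosing redirect loop starts and ends outside the hunk.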