Merge pull request #144 from SidneyJiang/master

add skipHeaderSanitize option to skip sanitizeHeader method
FGRibreau · Apr 12, 2022 · 34fce16 · 34fce16
2 parents e1c577b + 08e181a
commit 34fce16
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 2 deletions.
diff --git a/index.js b/index.js
@@ -18,7 +18,8 @@ var DEFAULTS = {
   maxAttempts: 5, // try 5 times
   retryDelay: 5000, // wait for 5s before trying again
   fullResponse: true, // resolve promise with the full response object
-  promiseFactory: defaultPromiseFactory // Function to use a different promise implementation library
+  promiseFactory: defaultPromiseFactory, // Function to use a different promise implementation library
+  skipHeaderSanitize: false // sanitize header by default
 };
 
 // Default promise factory which use bluebird
@@ -119,7 +120,7 @@ function Request(url, options, f, retryConfig) {
    * Option object
    * @type {Object}
    */
-  this.options = sanitizeHeaders(options);
+  this.options = retryConfig.skipHeaderSanitize ? options : sanitizeHeaders(options)
 
   /**
    * Return true if the request should be retried

diff --git a/test/leak.test.js b/test/leak.test.js
@@ -126,5 +126,25 @@ describe('Information Leak', function () {
       done();
     });
   });
+
+
+  it('should forward authorization headers regardless if skipHeaderSanitize is set to true', function (done) {
+
+    request({
+      url: 'https://httpbingo.org/redirect-to?url=http://httpbingo.org/bearer',
+      headers: {
+        'Content-Type': 'application/json',
+        'cookie': 'ajs_anonymous_id=1234567890',
+        'authorization': 'Bearer eyJhb12345abcdef'
+      },
+      skipHeaderSanitize: true
+    }, function (err, response, body) {
+      t.deepEqual(body, {
+        "authenticated": true,
+        "token": "eyJhb12345abcdef"
+      });
+      done();
+    });
+  });
 
 });