Merge pull request #139 from Sampaguitas/master

test file (information leak) #137
FGRibreau · Feb 21, 2022 · f517344 · f517344
2 parents 3c0d686 + 2768f5c
commit f517344
Showing 1 changed file with 39 additions and 0 deletions.
diff --git a/test/leak.test.js b/test/leak.test.js
@@ -0,0 +1,39 @@
+'use strict';
+
+var request = require('../').defaults({ json: true });;
+var t = require('chai').assert;
+
+describe('Information Leak', function () {
+
+    it('should not forward cookie headers when the request has a redirect', function (done) {
+
+        request({
+            url: 'https://httpbingo.org/redirect-to?url=http://httpbingo.org/cookies',
+            headers: {
+                'Content-Type': 'application/json',
+                'cookie': 'ajs_anonymous_id=1234567890',
+                'authorization': 'Bearer eyJhb12345abcdef'
+            },
+            json:true
+        }, function (err, response, body) {
+            t.strictEqual(Object.keys(body).length, 0);
+            done();
+        });
+    });
+
+    it('should not forward authorization headers when the request has a redirect', function (done) {
+
+        request({
+            url: 'https://httpbingo.org/redirect-to?url=http://httpbingo.org/bearer',
+            headers: {
+                'Content-Type': 'application/json',
+                'cookie': 'ajs_anonymous_id=1234567890',
+                'authorization': 'Bearer eyJhb12345abcdef'
+            }
+        }, function (err, response, body) {
+            t.strictEqual(body, '');
+            done();
+        });
+    });
+
+});