v4.0.0
Release Notes
This major change replaces the deprecated Request library with node-fetch, since Request contains a Server-side Request Forgery (SSRF) vulnerability with no fix expected.
Key Changes:
- Setting of default behaviour of underlying transport layer is now done by passing in a configuration object, as opposed to passing in a configured instance of
request. This removes coupling of the underlying transport layer, and your usage ofhttp-transport. See below for more detail. - The
httpResponseobject is now returned from node-fetch rather than Request, meaning that it is different in structure. The rest of the response is left unchanged from v3.5.6. - The
asCallback()function has been removed from theHttpTransportBuilder. Callbackifying the client can still be achieved using the[http-transport-callbacks](https://github.com/bbc/http-transport-callbacks)plugin.
Example of setting defaults:
const url = 'http://example.com/';
const HttpTransport = require('@bbc/http-transport');
const defaultConfig = {
agentOpts: { // Here you can pass in any options for the https agent https://nodejs.org/api/https.html#class-httpsagent
keepAlive: true,
maxSockets: 1000
},
defaults: {
json: true, // parses the response body as json, if false response body will be left as text
timeout: 2000 // sets timeout for each request
compress: true // support gzip/deflate content encoding. false to disable
}
};
const requestTransport = new HttpTransport.RequestTransport(defaultConfig);
const res = await HttpTransport.createClient(requestTransport);
.get(url)
.asResponse();
if (res.statusCode === 200) {
console.log(res.body);
}
Note: Before this major version, setting defaults was done by passing in a configured instance of request, this meant that you could use any of requests options. This is no longer the case, however we have kept the same functionality for any of the features used in ibl.
v4.0.0-2...v4.0.0