

Prevent Cookie & Authorization Headers from being forwarded when the …
…URL redirects to another domain (information leak) #137
Sampaguitas committed Feb 15, 2022
1 parent 5e1a63c commit 0979c60
Showing 1 changed file with 39 additions and 1 deletion.
40 changes: 39 additions & 1 deletion index.js
Expand Up @@ -11,6 +11,8 @@ var extend = require('extend');
var request = require('request');
var RetryStrategies = require('./strategies');
var _ = require('lodash');
var url = require('url');
var querystring = require("querystring");

var DEFAULTS = {
maxAttempts: 5, // try 5 times
Expand All @@ -24,6 +26,42 @@ function defaultPromiseFactory(resolver) {
return new Promise(resolver);
}

// Prevent Cookie & Authorization Headers from being forwarded
// when the URL redirects to another domain (information leak) #137
function sanitizeHeaders(options) {

const HEADERS_TO_IGNORE = ["cookie", "authorization"];

const urlObject = url.parse(options.url)
const queryObject = querystring.parse(urlObject.query);

const hasExternalLink = Object.keys(queryObject).reduce(function(acc, cur) {

let qUrl = url.parse(queryObject[cur]);

// external link if protocol || host || port is different
if(!!qUrl.host && (qUrl.protocol !== urlObject.protocol || qUrl.host !== urlObject.host || qUrl.port !== urlObject.port) ) {
acc = true;
}

return acc;

}, false);

if (hasExternalLink && options.hasOwnProperty("headers") && typeof(options.headers) === "object") {

// if External Link: remove Cookie and Authorization from Headers
Object.keys(options.headers).filter(function(key) {
return HEADERS_TO_IGNORE.includes(key.toLowerCase())
}).map(function(key) {
return delete options.headers[key]
});

}

return options;
}

function _cloneOptions(options) {
const cloned = {};
for (let key in options) {
Expand Down Expand Up @@ -85,7 +123,7 @@ function Request(url, options, f, retryConfig) {
* Option object
* @type {Object}
*/
this.options = options;
this.options = sanitizeHeaders(options);

/**
* Return true if the request should be retried
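Review bot: The strip decision in sanitizeHeaders is keyed on query-string parameters that happen to contain a cross-host URL, not on where the request is actually redirected, so a server-issued 302 to another domain is not covered by this check (unless `request` removes the headers itself on a host change, which is not visible here), while a same-host request that merely carries a cross-host URL parameter loses its Cookie and Authorization headers before the first hop. Independently, the `url.parse(queryObject[cur])` call inside the reduce callback throws a TypeError when a query key repeats, because `querystring.parse` then yields an array rather than a string; guarding with `const value = queryObject[cur]; if (typeof value !== 'string') return acc;` keeps such URLs from crashing the request, and `if (typeof options.url !== 'string') return options;` at the top of the function covers callers that pass `uri` instead of `url` (whether the constructor, which starts outside this hunk, guarantees `options.url` cannot be told from here). The `delete options.headers[key]` also mutates the caller's object in place, which is at odds with the `_cloneOptions` helper directly below; deleting from a shallow copy of `options.headers` would leave the caller's headers intact. Using `.map` purely for its side effect would read better as `forEach`, and the separate `port` comparison is redundant since `host` from `url.parse` already includes the port.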
