frodovdr/node-red
1
0
Fork 0
mirror of https://github.com/node-red/node-red.git synced 2025-03-01 10:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1884 from node-red-hitachi/dev-redirect-bugfix

Browse Source 
Prohibit http-request node from sending cookies to the different domain when redirected
This commit is contained in:
Nick O'Leary
2018-09-17 14:15:18 +01:00
committed by GitHub
parent 5bb27109bf 62b2adab78
commit 5fc3ca0e23
2 changed files with 208 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
nodes/core/io/21-httprequest.js
View File

@@ -83,6 +83,7 @@ module.exports = function(RED) {
opts.headers = {};
opts.encoding = null; // Force NodeJs to return a Buffer (instead of a string)
opts.maxRedirects = 21;
opts.jar = request.jar();
var ctSet = "Content-Type"; // set default camel case
var clSet = "Content-Length";
if (msg.headers) {
@@ -112,28 +113,42 @@ module.exports = function(RED) {
}
if (msg.hasOwnProperty('followRedirects')) {
opts.followRedirect = msg.followRedirects;
}
if (!opts.hasOwnProperty('followRedirect') || opts.followRedirect) {
opts.followRedirect = function(res) {
if (this.headers.cookie) {
delete this.headers.cookie;
}
return true;
};
}
if (opts.headers.hasOwnProperty('cookie')) {
var cookies = cookie.parse(opts.headers.cookie);
for (var name in cookies) {
if (cookies.hasOwnProperty(name)) {
if (cookies[name] === null) {
// This case clears a cookie for HTTP In/Response nodes.
// Ignore for this node.
} else {
opts.jar.setCookie(name + '=' + cookies[name], url);
}
}
}
delete opts.headers.cookie;
}
if (msg.cookies) {
var cookies = [];
if (opts.headers.hasOwnProperty('cookie')) {
cookies.push(opts.headers.cookie);
}
for (var name in msg.cookies) {
if (msg.cookies.hasOwnProperty(name)) {
if (msg.cookies[name] === null || msg.cookies[name].value === null) {
// This case clears a cookie for HTTP In/Response nodes.
// Ignore for this node.
} else if (typeof msg.cookies[name] === 'object') {
cookies.push(cookie.serialize(name,msg.cookies[name].value));
opts.jar.setCookie(name + '=' + msg.cookies[name].value, url);
} else {
cookies.push(cookie.serialize(name,msg.cookies[name]));
opts.jar.setCookie(name + '=' + msg.cookies[name], url);
}
}
}
if (cookies.length > 0) {
opts.headers.cookie = cookies.join("; ");
}
}
if (this.credentials && this.credentials.user) {
opts.auth = {