fix(http): prevent POST request from being proxied (#7402)

ionic-team · Apr 15, 2024 · 6a96ce7 · 6a96ce7
1 parent aed075f
commit 6a96ce7
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 22 deletions.
diff --git a/android/capacitor/src/main/assets/native-bridge.js b/android/capacitor/src/main/assets/native-bridge.js
@@ -502,11 +502,11 @@ var nativeBridge = (function (exports) {
                         if (request.url.startsWith(`${cap.getServerUrl()}/`)) {
                             return win.CapacitorWebFetch(resource, options);
                         }
-                        if (!(options === null || options === void 0 ? void 0 : options.method) ||
-                            options.method.toLocaleUpperCase() === 'GET' ||
-                            options.method.toLocaleUpperCase() === 'HEAD' ||
-                            options.method.toLocaleUpperCase() === 'OPTIONS' ||
-                            options.method.toLocaleUpperCase() === 'TRACE') {
+                        const { method } = request;
+                        if (method.toLocaleUpperCase() === 'GET' ||
+                            method.toLocaleUpperCase() === 'HEAD' ||
+                            method.toLocaleUpperCase() === 'OPTIONS' ||
+                            method.toLocaleUpperCase() === 'TRACE') {
                             if (typeof resource === 'string') {
                                 return await win.CapacitorWebFetch(createProxyUrl(resource, win), options);
                             }
@@ -518,8 +518,7 @@ var nativeBridge = (function (exports) {
                         const tag = `CapacitorHttp fetch ${Date.now()} ${resource}`;
                         console.time(tag);
                         try {
-                            // intercept request & pass to the bridge
-                            const { body, method } = request;
+                            const { body } = request;
                             const optionHeaders = Object.fromEntries(request.headers.entries());
                             const { data: requestData, type, headers, } = await convertBody((options === null || options === void 0 ? void 0 : options.body) || body || undefined, optionHeaders['Content-Type'] || optionHeaders['content-type']);
                             const nativeResponse = await cap.nativePromise('CapacitorHttp', 'request', {

diff --git a/core/native-bridge.ts b/core/native-bridge.ts
@@ -551,13 +551,12 @@ const initBridge = (w: any): void => {
           if (request.url.startsWith(`${cap.getServerUrl()}/`)) {
             return win.CapacitorWebFetch(resource, options);
           }
-
+          const { method } = request;
           if (
-            !options?.method ||
-            options.method.toLocaleUpperCase() === 'GET' ||
-            options.method.toLocaleUpperCase() === 'HEAD' ||
-            options.method.toLocaleUpperCase() === 'OPTIONS' ||
-            options.method.toLocaleUpperCase() === 'TRACE'
+            method.toLocaleUpperCase() === 'GET' ||
+            method.toLocaleUpperCase() === 'HEAD' ||
+            method.toLocaleUpperCase() === 'OPTIONS' ||
+            method.toLocaleUpperCase() === 'TRACE'
           ) {
             if (typeof resource === 'string') {
               return await win.CapacitorWebFetch(
@@ -576,8 +575,7 @@ const initBridge = (w: any): void => {
           const tag = `CapacitorHttp fetch ${Date.now()} ${resource}`;
           console.time(tag);
           try {
-            // intercept request & pass to the bridge
-            const { body, method } = request;
+            const { body } = request;
             const optionHeaders = Object.fromEntries(request.headers.entries());
             const {
               data: requestData,

diff --git a/ios/Capacitor/Capacitor/assets/native-bridge.js b/ios/Capacitor/Capacitor/assets/native-bridge.js
@@ -502,11 +502,11 @@ var nativeBridge = (function (exports) {
                         if (request.url.startsWith(`${cap.getServerUrl()}/`)) {
                             return win.CapacitorWebFetch(resource, options);
                         }
-                        if (!(options === null || options === void 0 ? void 0 : options.method) ||
-                            options.method.toLocaleUpperCase() === 'GET' ||
-                            options.method.toLocaleUpperCase() === 'HEAD' ||
-                            options.method.toLocaleUpperCase() === 'OPTIONS' ||
-                            options.method.toLocaleUpperCase() === 'TRACE') {
+                        const { method } = request;
+                        if (method.toLocaleUpperCase() === 'GET' ||
+                            method.toLocaleUpperCase() === 'HEAD' ||
+                            method.toLocaleUpperCase() === 'OPTIONS' ||
+                            method.toLocaleUpperCase() === 'TRACE') {
                             if (typeof resource === 'string') {
                                 return await win.CapacitorWebFetch(createProxyUrl(resource, win), options);
                             }
@@ -518,8 +518,7 @@ var nativeBridge = (function (exports) {
                         const tag = `CapacitorHttp fetch ${Date.now()} ${resource}`;
                         console.time(tag);
                         try {
-                            // intercept request & pass to the bridge
-                            const { body, method } = request;
+                            const { body } = request;
                             const optionHeaders = Object.fromEntries(request.headers.entries());
                             const { data: requestData, type, headers, } = await convertBody((options === null || options === void 0 ? void 0 : options.body) || body || undefined, optionHeaders['Content-Type'] || optionHeaders['content-type']);
                             const nativeResponse = await cap.nativePromise('CapacitorHttp', 'request', {