@@ -26020,7 +26020,7 @@ Object.defineProperty(Response.prototype, Symbol.toStringTag, {
2602026020});
2602126021
2602226022const INTERNALS$2 = Symbol('Request internals');
26023- const URL = whatwgUrl.URL;
26023+ const URL = Url.URL || whatwgUrl.URL;
2602426024
2602526025// fix an issue where "format", "parse" aren't a named export for node <10
2602626026const parse_url = Url.parse;
@@ -26283,9 +26283,17 @@ AbortError.prototype = Object.create(Error.prototype);
2628326283AbortError.prototype.constructor = AbortError;
2628426284AbortError.prototype.name = 'AbortError';
2628526285
26286+ const URL$1 = Url.URL || whatwgUrl.URL;
26287+
2628626288// fix an issue where "PassThrough", "resolve" aren't a named export for node <10
2628726289const PassThrough$1 = Stream.PassThrough;
26288- const resolve_url = Url.resolve;
26290+
26291+ const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) {
26292+ const orig = new URL$1(original).hostname;
26293+ const dest = new URL$1(destination).hostname;
26294+
26295+ return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest);
26296+ };
2628926297
2629026298/**
2629126299 * Fetch function
@@ -26373,7 +26381,19 @@ function fetch(url, opts) {
2637326381 const location = headers.get('Location');
2637426382
2637526383 // HTTP fetch step 5.3
26376- const locationURL = location === null ? null : resolve_url(request.url, location);
26384+ let locationURL = null;
26385+ try {
26386+ locationURL = location === null ? null : new URL$1(location, request.url).toString();
26387+ } catch (err) {
26388+ // error here can only be invalid URL in Location: header
26389+ // do not throw when options.redirect == manual
26390+ // let the user extract the errorneous redirect URL
26391+ if (request.redirect !== 'manual') {
26392+ reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'));
26393+ finalize();
26394+ return;
26395+ }
26396+ }
2637726397
2637826398 // HTTP fetch step 5.5
2637926399 switch (request.redirect) {
@@ -26421,6 +26441,12 @@ function fetch(url, opts) {
2642126441 size: request.size
2642226442 };
2642326443
26444+ if (!isDomainOrSubdomain(request.url, locationURL)) {
26445+ for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {
26446+ requestOpts.headers.delete(name);
26447+ }
26448+ }
26449+
2642426450 // HTTP-redirect fetch step 9
2642526451 if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) {
2642626452 reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));
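Review bot: The credential-stripping guard added at new line 26444 compares hostnames only, so a redirect that stays on the same host but changes scheme or port (for example https to http) still forwards `authorization` and `cookie`. `isDomainOrSubdomain` reads just `.hostname` from both URLs; adding a scheme comparison to the guard would cover that, e.g. `if (!isDomainOrSubdomain(request.url, locationURL) || new URL$1(locationURL).protocol !== new URL$1(request.url).protocol) {`. The helper's parameter names also read inverted against this call (`request.url` is passed as `destination`, `locationURL` as `original`), so a one-line comment such as `// true when original's host equals, or is a subdomain of, destination's host` would help the next reader. The body of fetch continues outside these hunks, so whether `locationURL` is guaranteed non-null before this call is not visible here and should be confirmed.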