Skip to content

Commit c0cf4b4

Browse files
author
GitHub Actions
committed
Update dist
1 parent 6b4d495 commit c0cf4b4

File tree

1 file changed

+28
-2
lines changed

1 file changed

+28
-2
lines changed

dist/index.js

Lines changed: 28 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -52870,9 +52870,17 @@ AbortError.prototype = Object.create(Error.prototype);
5287052870
AbortError.prototype.constructor = AbortError;
5287152871
AbortError.prototype.name = 'AbortError';
5287252872

52873+
const URL$1 = Url.URL || whatwgUrl.URL;
52874+
5287352875
// fix an issue where "PassThrough", "resolve" aren't a named export for node <10
5287452876
const PassThrough$1 = Stream.PassThrough;
52875-
const resolve_url = Url.resolve;
52877+
52878+
const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) {
52879+
const orig = new URL$1(original).hostname;
52880+
const dest = new URL$1(destination).hostname;
52881+
52882+
return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest);
52883+
};
5287652884

5287752885
/**
5287852886
* Fetch function
@@ -52960,7 +52968,19 @@ function fetch(url, opts) {
5296052968
const location = headers.get('Location');
5296152969

5296252970
// HTTP fetch step 5.3
52963-
const locationURL = location === null ? null : resolve_url(request.url, location);
52971+
let locationURL = null;
52972+
try {
52973+
locationURL = location === null ? null : new URL$1(location, request.url).toString();
52974+
} catch (err) {
52975+
// error here can only be invalid URL in Location: header
52976+
// do not throw when options.redirect == manual
52977+
// let the user extract the errorneous redirect URL
52978+
if (request.redirect !== 'manual') {
52979+
reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect'));
52980+
finalize();
52981+
return;
52982+
}
52983+
}
5296452984

5296552985
// HTTP fetch step 5.5
5296652986
switch (request.redirect) {
@@ -53008,6 +53028,12 @@ function fetch(url, opts) {
5300853028
size: request.size
5300953029
};
5301053030

53031+
if (!isDomainOrSubdomain(request.url, locationURL)) {
53032+
for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) {
53033+
requestOpts.headers.delete(name);
53034+
}
53035+
}
53036+
5301153037
// HTTP-redirect fetch step 9
5301253038
if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) {
5301353039
reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect'));

0 commit comments

Comments
 (0)