Comments (1)
This is handled in lib/adapters/http.js.
My first approach was to just delete Proxy-Authorization
whenever we redirect:
function dispatchBeforeRedirect(options, responseDetails) {
if (options.beforeRedirects.proxy) {
options.beforeRedirects.proxy(options);
}
if (options.beforeRedirects.config) {
options.beforeRedirects.config(options, responseDetails);
}
// Clear Proxy-Authorization header during cross-domain redirects
delete options.headers['Proxy-Authorization'];
}
My second approach is to remove Proxy-Authorization
from header, but then turn it into a veriable returned by options
. The same way it is implemented for authorization
:
// HTTP basic authentication
let auth = undefined;
if (config.auth) {
const username = config.auth.username || '';
const password = config.auth.password || '';
auth = username + ':' + password;
}
if (!auth && parsed.username) {
const urlUsername = parsed.username;
const urlPassword = parsed.password;
auth = urlUsername + ':' + urlPassword;
}
auth && headers.delete('authorization');
Which way should I fix this security vulnerability?
from axios.
Related Issues (20)
- vite5+vue3+ts Sending request error SyntaxError: The requested module '/node_modules/.vite/deps/axios.js?v=bc297318' does not provide an export named 'AxiosInstance' HOT 1
- Issue CVEs for vulnerabilities fixed by #6167 and #6163 HOT 1
- How to set localAddress when sending HTTP requests? HOT 2
- API call happening twice, but called once! HOT 3
- RefferenceError: Axios is not defined. HOT 2
- Security vulnerability HOT 2
- postForm's form-data serialization breaks for Blob in Node.js
- Axios stream aborts early during 204 response from prism cli.
- I am getting a error involving CancelToken.js...
- TypeError: Converting circular structure to JSON
- React native Android NETWORK ERROR HOT 1
- Issue with downloading files larger than a few mbs on Chrome specifically HOT 4
- please expose the formDataToStream for public use
- 100% Upload progress on dev mode only.
- XSRF-TOKEN logic should utilize cookie domain instead of current page domain HOT 1
- Question: Rollup configuration with ESM
- Formidable arbitrary file upload vulnerability HOT 1
- ERR_FR_TOO_MANY_REDIRECTS using Axios but not in browser, using curl or python-requests HOT 2
- Cannot read properties of undefined (reading 'prototype') at node_modules/follow-redirects/index.js HOT 1
- Using RawAxiosRequestHeaders cause compiler error
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from axios.