Expand file tree Collapse file tree 1 file changed +37
-0
lines changed Original file line number Diff line number Diff line change 1+ 'use strict' ;
2+
3+ var request = require ( '../' ) . defaults ( { json : true } ) ; ;
4+ var t = require ( 'chai' ) . assert ;
5+
6+ describe ( 'Information Leak' , function ( ) {
7+
8+ it ( 'should not forward cookie headers when the request has a redirect' , function ( done ) {
9+
10+ request ( {
11+ url : 'https://httpbingo.org/cookies?url=https://google.com/' ,
12+ headers : {
13+ 'Content-Type' : 'application/json' ,
14+ 'cookie' : 'ajs_anonymous_id=1234567890' ,
15+ 'authorization' : 'Bearer eyJhb12345abcdef'
16+ }
17+ } , function ( err , response , body ) {
18+ t . strictEqual ( Object . keys ( body ) . length , 0 ) ;
19+ done ( ) ;
20+ } ) ;
21+ } ) ;
22+
23+ it ( 'should not forward authorization headers when the request has a redirect' , function ( done ) {
24+
25+ request ( {
26+ url : 'https://httpbingo.org/bearer?url=https://google.com/' ,
27+ headers : {
28+ 'Content-Type' : 'application/json' ,
29+ 'cookie' : 'ajs_anonymous_id=1234567890' ,
30+ 'authorization' : 'Bearer eyJhb12345abcdef'
31+ }
32+ } , function ( err , response , body ) {
33+ t . strictEqual ( body , undefined ) ;
34+ done ( ) ;
35+ } ) ;
36+ } ) ;
37+ } ) ;
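Review bot: Both callbacks ignore `err`, so a transport failure is indistinguishable from the behaviour under test. In the authorization case, `t.strictEqual ( body , undefined )` also holds when the request never completes, which means the leak check passes on any network error. In the cookie case, `Object . keys ( body )` throws inside the callback instead of reporting a clean failure. Start each callback with `if (err) { return done(err); }` and assert something only a completed exchange produces, such as `response.statusCode`, before checking the body. Both cases also depend on live third-party hosts, and nothing in this hunk shows that either URL actually issues a redirect; a local two-origin test server that records the headers received after the redirect would make the test deterministic and pin the property directly.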