Expand file tree Collapse file tree 2 files changed +28
-5
lines changed Original file line number Diff line number Diff line change @@ -35,10 +35,14 @@ function sanitizeHeaders(options) {
3535 const queryObject = querystring . parse ( urlObject . query ) ;
3636
3737 const hasExternalLink = Object . keys ( queryObject ) . some ( function ( queryParam ) {
38- const qUrl = url . parse ( queryObject [ queryParam ] ) ;
39-
40- // external link if protocol || host || port is different
41- return ( ! ! qUrl . host && ( qUrl . protocol !== urlObject . protocol || qUrl . host !== urlObject . host || qUrl . port !== urlObject . port ) ) ;
38+ const values = _ . isArray ( queryObject [ queryParam ] ) ? queryObject [ queryParam ] : [ queryObject [ queryParam ] ]
39+ const v = values . map ( v => {
40+ const qUrl = url . parse ( v ) ;
41+
42+ // external link if protocol || host || port is different
43+ return ( ! ! qUrl . host && ( qUrl . protocol !== urlObject . protocol || qUrl . host !== urlObject . host || qUrl . port !== urlObject . port ) ) ;
44+ } )
45+ return v . some ( v => v === true )
4246 } ) ;
4347
4448 if ( hasExternalLink && options . hasOwnProperty ( "headers" ) && typeof ( options . headers ) === "object" ) {
@@ -74,7 +78,7 @@ function _cloneOptions(options) {
7478 */
7579function makePromise ( requestInstance , promiseFactoryFn ) {
7680
77- // Resolver function wich assigns the promise (resolve, reject) functions
81+ // Resolver function which assigns the promise (resolve, reject) functions
7882 // to the requestInstance
7983 function Resolver ( resolve , reject ) {
8084 this . _resolve = resolve ;
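Review bot: In the rewritten `some` callback of `sanitizeHeaders`, the `!!qUrl.host` test depends on `url.parse(v)` finding a host, and the legacy parser leaves `host` empty for a value with no scheme (a protocol-relative one, for instance), so such a value is never counted as external and the header handling behind `if (hasExternalLink && …)` is skipped for it. If those values should count, `url.parse(v, false, true)` makes the parser treat leading slashes as a host. Separately, the `map` followed by `v.some(v => v === true)` reuses the name `v` for three bindings and can be a single call, `return values.some(value => { const qUrl = url.parse(value); … })`, with `Array.isArray` in place of `_.isArray` so the check does not rely on lodash being in scope (the imports are not visible here). The function body starts and ends outside the hunk.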
Original file line number Diff line number Diff line change @@ -108,4 +108,23 @@ describe('Information Leak', function () {
108108 } ) ;
109109 } ) ;
110110
111+
112+ it ( 'should not fail when the request has query parameters in array format' , function ( done ) {
113+
114+ request ( {
115+ url : 'https://httpbingo.org/bearer?test=hello&test=world' ,
116+ headers : {
117+ 'Content-Type' : 'application/json' ,
118+ 'cookie' : 'ajs_anonymous_id=1234567890' ,
119+ 'authorization' : 'Bearer eyJhb12345abcdef'
120+ }
121+ } , function ( err , response , body ) {
122+ t . deepEqual ( body , {
123+ "authenticated" : true ,
124+ "token" : "eyJhb12345abcdef"
125+ } ) ;
126+ done ( ) ;
127+ } ) ;
128+ } ) ;
129+
111130} ) ;
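Review bot: The added test covers only the benign case, where neither `test` value is a URL and the `authorization` header is expected to arrive; nothing exercises the branch the fix introduces, an array-valued parameter in which one element points at a different host. A companion case asserting that the sensitive headers are not forwarded for such a request would pin the security behaviour rather than just the absence of a crash. The callback also ignores `err`, so a network failure against the live httpbingo.org endpoint shows up as a misleading `deepEqual` failure; a first line of `if (err) { return done(err); }` would report the real cause.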