Merge pull request #139 from Sampaguitas/master

FGRibreau · web-flow · commit f51734478e60 · 2022-02-21T17:39:57.000+01:00
test file (information leak) #137
diff --git a/test/leak.test.js b/test/leak.test.js
@@ -0,0 +1,39 @@
+'use strict';
+
+var request = require('../').defaults({ json: true });;
+var t = require('chai').assert;
+
+describe('Information Leak', function () {
+
+    it('should not forward cookie headers when the request has a redirect', function (done) {
+
+        request({
+            url: 'https://httpbingo.org/redirect-to?url=http://httpbingo.org/cookies',
+            headers: {
+                'Content-Type': 'application/json',
+                'cookie': 'ajs_anonymous_id=1234567890',
+                'authorization': 'Bearer eyJhb12345abcdef'
+            },
+            json:true
+        }, function (err, response, body) {
+            t.strictEqual(Object.keys(body).length, 0);
+            done();
+        });
+    });
+
+    it('should not forward authorization headers when the request has a redirect', function (done) {
+
+        request({
+            url: 'https://httpbingo.org/redirect-to?url=http://httpbingo.org/bearer',
+            headers: {
+                'Content-Type': 'application/json',
+                'cookie': 'ajs_anonymous_id=1234567890',
+                'authorization': 'Bearer eyJhb12345abcdef'
+            }
+        }, function (err, response, body) {
+            t.strictEqual(body, '');
+            done();
+        });
+    });
+
+});
