@digipair/skill-oauth2 0.136.1 → 0.136.3

package/dist/index.esm.js

@@ -22329,7 +22329,12 @@ var internals = {
         'lookup',
         'family',
         'hints'
-    ]
+    ],
+    sensitiveCrossHostHeaders: new Set([
+        'authorization',
+        'cookie',
+        'proxy-authorization'
+    ])
 };
 // New instance is exported as module.exports
 internals.Client = /*#__PURE__*/ function() {
@@ -22541,7 +22546,7 @@ internals.Client = /*#__PURE__*/ function() {
                         return finishOnce(Boom.badGateway('Received redirection without location', _trace));
                     }
                     if (!/^https?:/i.test(location)) {
-                        location = Url.resolve(uri.href, location);
+                        location = new Url.URL(location, uri.href).href;
                     }
                     var redirectOptions = Hoek$3.clone(options, {
                         shallow: internals.shallowOptions
@@ -22553,16 +22558,15 @@ internals.Client = /*#__PURE__*/ function() {
                         var elapsed = Date.now() - start;
                         redirectOptions.timeout = (redirectOptions.timeout - elapsed).toString(); // stringify to not drop timeout when === 0
                     }
-                    // When redirecting to a new hostname, remove the authorization and cookie headers
+                    // When redirecting cross-origin (scheme, host, or port differs), remove sensitive credential headers
                     if (redirectOptions.headers) {
                         var parsedLocation = new URL(location);
-                        if (uri.hostname !== parsedLocation.hostname) {
+                        if (uri.origin !== parsedLocation.origin) {
                             var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
                             try {
                                 for(var _iterator = Object.keys(redirectOptions.headers)[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true){
                                     var header = _step.value;
-                                    var lowerHeader = header.toLowerCase();
-                                    if (lowerHeader === 'authorization' || lowerHeader === 'cookie') {
+                                    if (internals.sensitiveCrossHostHeaders.has(header.toLowerCase())) {
                                         delete redirectOptions.headers[header];
                                     }
                                 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@digipair/skill-oauth2",
-  "version": "0.136.1",
+  "version": "0.136.3",
   "main": "./dist/index.cjs.js",
   "module": "./dist/index.esm.js",
   "types": "./dist/index.d.ts",

package/dist/src/index.d.ts

@@ -1,2 +0,0 @@
-export * from './lib/skill-oauth2';
-//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,oBAAoB,CAAC"}

package/dist/src/lib/skill-oauth2.d.ts

@@ -1,13 +0,0 @@
-import { PinsSettings } from '@digipair/engine';
-export declare const authorizationCodeUrl: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const authorizationCodeAccessToken: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const authorizationCodeCreateToken: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const resourceOwnerPasswordAccessToken: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const resourceOwnerPasswordCreateToken: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const clientCredentialsAccessToken: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const clientCredentialsCreateToken: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const tokenExpired: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const tokenRefresh: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const tokenRevoke: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-export declare const tokenRevokeAll: (params: any, pinsSettingsList: PinsSettings[], context: any) => Promise<any>;
-//# sourceMappingURL=skill-oauth2.d.ts.map

package/dist/src/lib/skill-oauth2.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"skill-oauth2.d.ts","sourceRoot":"","sources":["../../../src/lib/skill-oauth2.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AA8GhD,eAAO,MAAM,oBAAoB,GAAI,QAAQ,GAAG,EAAE,kBAAkB,YAAY,EAAE,EAAE,SAAS,GAAG,iBACnB,CAAC;AAE9E,eAAO,MAAM,4BAA4B,GACvC,QAAQ,GAAG,EACX,kBAAkB,YAAY,EAAE,EAChC,SAAS,GAAG,iBAC0E,CAAC;AAEzF,eAAO,MAAM,4BAA4B,GACvC,QAAQ,GAAG,EACX,kBAAkB,YAAY,EAAE,EAChC,SAAS,GAAG,iBAC0E,CAAC;AAEzF,eAAO,MAAM,gCAAgC,GAC3C,QAAQ,GAAG,EACX,kBAAkB,YAAY,EAAE,EAChC,SAAS,GAAG,iBAC8E,CAAC;AAE7F,eAAO,MAAM,gCAAgC,GAC3C,QAAQ,GAAG,EACX,kBAAkB,YAAY,EAAE,EAChC,SAAS,GAAG,iBAC8E,CAAC;AAE7F,eAAO,MAAM,4BAA4B,GACvC,QAAQ,GAAG,EACX,kBAAkB,YAAY,EAAE,EAChC,SAAS,GAAG,iBAC0E,CAAC;AAEzF,eAAO,MAAM,4BAA4B,GACvC,QAAQ,GAAG,EACX,kBAAkB,YAAY,EAAE,EAChC,SAAS,GAAG,iBAC0E,CAAC;AAEzF,eAAO,MAAM,YAAY,GAAI,QAAQ,GAAG,EAAE,kBAAkB,YAAY,EAAE,EAAE,SAAS,GAAG,iBACnB,CAAC;AAEtE,eAAO,MAAM,YAAY,GAAI,QAAQ,GAAG,EAAE,kBAAkB,YAAY,EAAE,EAAE,SAAS,GAAG,iBACnB,CAAC;AAEtE,eAAO,MAAM,WAAW,GAAI,QAAQ,GAAG,EAAE,kBAAkB,YAAY,EAAE,EAAE,SAAS,GAAG,iBACnB,CAAC;AAErE,eAAO,MAAM,cAAc,GAAI,QAAQ,GAAG,EAAE,kBAAkB,YAAY,EAAE,EAAE,SAAS,GAAG,iBACnB,CAAC"}