@sap-cloud-sdk/http-client 4.6.1-20260521015306.0 → 4.7.0
|
@@ -5,6 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
5
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
6
|
exports.csrf = csrf;
|
|
7
7
|
exports.buildCsrfFetchHeaders = buildCsrfFetchHeaders;
|
|
8
|
+
const url_1 = require("url");
|
|
8
9
|
const util_1 = require("@sap-cloud-sdk/util");
|
|
9
10
|
const axios_1 = __importDefault(require("axios"));
|
|
10
11
|
const internal_1 = require("@sap-cloud-sdk/resilience/internal");
|
|
@@ -112,9 +113,22 @@ function findCsrfHeader(headers) {
|
|
|
112
113
|
: {};
|
|
113
114
|
return { 'x-csrf-token': csrfHeader, ...cookieHeader };
|
|
114
115
|
}
|
|
116
|
+
function isCrossHost(csrfUrl, requestUrl) {
|
|
117
|
+
if (!csrfUrl || !requestUrl) {
|
|
118
|
+
return false;
|
|
119
|
+
}
|
|
120
|
+
if (!(0, util_1.isValidUrl)(csrfUrl) || !(0, util_1.isValidUrl)(requestUrl)) {
|
|
121
|
+
return false;
|
|
122
|
+
}
|
|
123
|
+
return new url_1.URL(csrfUrl).hostname !== new url_1.URL(requestUrl).hostname;
|
|
124
|
+
}
|
|
115
125
|
async function makeCsrfRequests(requestConfig, options) {
|
|
116
126
|
// eslint-disable-next-line @typescript-eslint/no-unused-vars
|
|
117
127
|
const { data, params, parameterEncoder, ...requestConfigWithoutData } = requestConfig;
|
|
128
|
+
// TODO: In v5, make cross-host CSRF token fetching opt-in instead of just warning.
|
|
129
|
+
if (isCrossHost(options.url, requestConfig.baseURL)) {
|
|
130
|
+
logger.warn(`The CSRF token fetch URL (${options.url}) has a different host than the request URL (${requestConfig.baseURL}). Sensitive headers will be forwarded to the CSRF token endpoint.`);
|
|
131
|
+
}
|
|
118
132
|
const axiosConfig = {
|
|
119
133
|
...requestConfigWithoutData,
|
|
120
134
|
method: options.method || 'head',
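Review bot: `isCrossHost` compares only `hostname`, so a CSRF fetch URL on the same hostname but a different port or scheme (for example `http:` against an `https:` base URL) is not flagged, even though the warning below it says sensitive headers are forwarded to that endpoint. Comparing origins would cover those cases: `return new url_1.URL(csrfUrl).origin !== new url_1.URL(requestUrl).origin;`. The function also returns `false` whenever either value is missing or fails `isValidUrl`, so a request with no `baseURL` presumably gets no warning even when `options.url` is absolute; a short comment saying whether that is intended would help. Since this file is compiled output, the change belongs in `../src/csrf-token-middleware.ts`; `makeCsrfRequests` continues past the end of the hunk.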
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf-token-middleware.js","sourceRoot":"","sources":["../src/csrf-token-middleware.ts"],"names":[],"mappings":";;;;;
|
|
1
|
+
{"version":3,"file":"csrf-token-middleware.js","sourceRoot":"","sources":["../src/csrf-token-middleware.ts"],"names":[],"mappings":";;;;;AAiDA,oBAiBC;AAmDD,sDAUC;AA/HD,6BAA0B;AAC1B,8CAS6B;AAC7B,kDAA0B;AAC1B,iEAA2E;AAW3E,MAAM,MAAM,GAAG,IAAA,mBAAY,EAAC,iBAAiB,CAAC,CAAC;AAoB/C;;;;;GAKG;AACH,SAAgB,IAAI,CAAC,OAA+B;IAClD,OAAO,CAAC,iBAAwC,EAAE,EAAE,CAAC,KAAK,EAAC,aAAa,EAAC,EAAE;QACzE,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,EAAE,CAAC;YACnC,OAAO,iBAAiB,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,aAAa,EAAE;YACtD,GAAG,OAAO;YACV,GAAG,iBAAiB;SACrB,CAAC,CAAC;QACH,IAAI,SAAS,EAAE,MAAM,EAAE,CAAC;YACtB,SAAS,CAAC,MAAM,GAAG,aAAa,CAAC,OAAO,EAAE,MAAM;gBAC9C,CAAC,CAAC,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;gBAC9D,CAAC,CAAC,SAAS,EAAE,MAAM,CAAC;QACxB,CAAC;QACD,aAAa,CAAC,OAAO,GAAG,EAAE,GAAG,aAAa,CAAC,OAAO,EAAE,GAAG,SAAS,EAAE,CAAC;QACnE,OAAO,iBAAiB,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC,CAAC;AACJ,CAAC;AAED,SAAS,cAAc,CAAC,aAAgC;IACtD,IAAI,aAAa,CAAC,MAAM,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE,CAAC;QACjD,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,IAAA,0BAAmB,EAAC,aAAa,CAAC,OAAO,EAAE,cAAc,CAAC,EAAE,CAAC;QAC/D,MAAM,CAAC,KAAK,CACV,8DAA8D,CAC/D,CAAC;QACF,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,WAAW,CAAkC,aAAgB;IACpE,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC;QACvB,aAAa,CAAC,GAAG,GAAG,GAAG,CAAC;IAC1B,CAAC;SAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC5C,aAAa,CAAC,GAAG,GAAG,GAAG,aAAa,CAAC,GAAG,GAAG,CAAC;IAC9C,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,WAAW,CAAkC,aAAgB;IACpE,IAAI,aAAa,CAAC,GAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,aAAa,CAAC,GAAG,GAAG,IAAA,4BAAqB,EAAC,aAAa,CAAC,GAAI,CAAC,CAAC;IAChE,CAAC;IACD,OAAO,aAAa,CAAC;AACvB,CAAC;AAED,SAAS,YAAY,CAAC,OAA4B;IAChD,OAAO,MAAM,CAAC,MAAM,CAAC,IAAA,qBAAc,EAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,kBAAkB,CAAC,OAA4B;IACtD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,IAAA,qBAAc,EAAC,OAAO,EAAE,YAAY,CAAC,CAA
C,CAAC;IACrE,yFAAyF;IACzF,OAAO,IAAA,cAAO,EAAC,OAAO,CAAC;SACpB,GAAG,CAAC,CAAC,MAAc,EAAE,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;SAC7C,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAgB,qBAAqB,CAAC,OAAY;IAChD,MAAM,sBAAsB,GAC1B,IAAA,YAAK,EAAC,MAAM,CAAC,IAAI,CAAC,IAAA,qBAAc,EAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC7D,gBAAgB,CAAC;IAEnB,OAAO;QACL,cAAc,EAAE,OAAO;QACvB,GAAG,OAAO;QACV,CAAC,sBAAsB,CAAC,EAAE,CAAC;KAC5B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,eAAe,CAC5B,aAAgC,EAChC,OAAmE;IAEnE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,IAAA,gCAAqB,EAAC,OAAO,CAAC,UAAU,EAAE;YAC/D,EAAE,EAAE,eAAK,CAAC,OAAO;YACjB,UAAU,EAAE,aAAa;YACzB,OAAO,EAAE,OAAO,CAAC,OAAO;SACzB,CAAC,CAAC;QACH,OAAO,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO,cAAc,CAAC,KAAK,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,CAAC,IAAI,CACT,IAAI,qBAAc,CAChB,uCAAuC,aAAa,CAAC,GAAG,GAAG,EAC3D,KAAK,CACN,CACF,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CACrB,OAAwC;IAExC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;IACT,CAAC;IACD,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC;QAC9C,CAAC,CAAC,EAAE,MAAM,EAAE,kBAAkB,CAAC,OAAO,CAAC,EAAE;QACzC,CAAC,CAAC,EAAE,CAAC;IACP,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,YAAY,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,WAAW,CAClB,OAA2B,EAC3B,UAA8B;IAE9B,IAAI,CAAC,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,IAAA,iBAAU,EAAC,OAAO,CAAC,IAAI,CAAC,IAAA,iBAAU,EAAC,UAAU,CAAC,EAAE,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,SAAG,CAAC,OAAO,CAAC,CAAC,QAAQ,KAAK,IAAI,SAAG,CAAC,UAAU,CAAC,CAAC,QAAQ,CAAC;AACpE,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,aAAgC,EAChC,OAAmE;IAEnE,6DAA6D;IAC7D,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,gBAAgB,EAAE,GAAG,wBAAwB,EAAE,GACnE,aAAa,CAAC;IAEhB,mFAAmF;IACnF,IAAI,WAAW,CAAC,OAAO,CAAC,GAAG,EAAE,aAAa,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,CAAC,IAAI,CACT,6BAA6B,OAAO,CAAC,GAAG,gDAAgD,aAAa,CAAC,OAAO,oEAAoE
,CAClL,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAgC;QAC/C,GAAG,wBAAwB;QAC3B,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,MAAM;QAChC,GAAG,EAAE,OAAO,CAAC,GAAG,IAAI,aAAa,CAAC,GAAG;QACrC,OAAO,EAAE,qBAAqB,CAAC,aAAa,CAAC,OAAO,CAAC;KACtD,CAAC;IAEF,wDAAwD;IACxD,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,eAAe,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;IAC/C,CAAC;IAED,0FAA0F;IAC1F,mHAAmH;IACnH,2CAA2C;IAC3C,oCAAoC;IACpC,OAAO,CACL,CAAC,MAAM,eAAe,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,CAAC;QAC1D,CAAC,MAAM,eAAe,CAAC,WAAW,CAAC,WAAW,CAAC,EAAE,OAAO,CAAC,CAAC,CAC3D,CAAC;AACJ,CAAC"}
|
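--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sap-cloud-sdk/http-client",
-"version": "4.
+"version": "4.7.0",
 "description": "SAP Cloud SDK for JavaScript http-client",
 "homepage": "https://sap.github.io/cloud-sdk/docs/js/overview",
 "license": "Apache-2.0",
@@ -30,9 +30,9 @@
 },
 "dependencies": {
 "axios": "^1.15.0",
-"@sap-cloud-sdk/connectivity": "^4.
-"@sap-cloud-sdk/resilience": "^4.
-"@sap-cloud-sdk/util": "^4.
+"@sap-cloud-sdk/connectivity": "^4.7.0",
+"@sap-cloud-sdk/resilience": "^4.7.0",
+"@sap-cloud-sdk/util": "^4.7.0"
 },
 "devDependencies": {
 "depcheck": "^1.4.7",
@@ -41,7 +41,7 @@
 "nock": "^14.0.11",
 "prettier": "^3.8.1",
 "typescript": "~5.9.3",
-"@sap-cloud-sdk/test-util-internal": "^4.
+"@sap-cloud-sdk/test-util-internal": "^4.7.0"
 },
 "scripts": {
 "compile": "tsc -b",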