reflex-search 1.5.2 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/.package-lock.json +15 -15
- package/node_modules/axios/CHANGELOG.md +126 -1
- package/node_modules/axios/README.md +390 -257
- package/node_modules/axios/dist/axios.js +511 -154
- package/node_modules/axios/dist/axios.min.js +3 -3
- package/node_modules/axios/dist/axios.min.js.map +1 -1
- package/node_modules/axios/dist/browser/axios.cjs +537 -124
- package/node_modules/axios/dist/esm/axios.js +537 -124
- package/node_modules/axios/dist/esm/axios.min.js +2 -2
- package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
- package/node_modules/axios/dist/node/axios.cjs +753 -226
- package/node_modules/axios/index.d.cts +27 -4
- package/node_modules/axios/index.d.ts +23 -2
- package/node_modules/axios/lib/adapters/adapters.js +1 -1
- package/node_modules/axios/lib/adapters/fetch.js +217 -47
- package/node_modules/axios/lib/adapters/http.js +274 -169
- package/node_modules/axios/lib/adapters/xhr.js +1 -0
- package/node_modules/axios/lib/core/Axios.js +4 -2
- package/node_modules/axios/lib/core/AxiosError.js +13 -1
- package/node_modules/axios/lib/core/AxiosHeaders.js +12 -9
- package/node_modules/axios/lib/core/buildFullPath.js +29 -1
- package/node_modules/axios/lib/core/mergeConfig.js +35 -0
- package/node_modules/axios/lib/defaults/transitional.js +2 -0
- package/node_modules/axios/lib/env/data.js +1 -1
- package/node_modules/axios/lib/helpers/AxiosURLSearchParams.js +1 -3
- package/node_modules/axios/lib/helpers/Http2Sessions.js +119 -0
- package/node_modules/axios/lib/helpers/buildURL.js +7 -4
- package/node_modules/axios/lib/helpers/composeSignals.js +1 -1
- package/node_modules/axios/lib/helpers/cookies.js +5 -1
- package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
- package/node_modules/axios/lib/helpers/formDataToJSON.js +25 -3
- package/node_modules/axios/lib/helpers/formDataToStream.js +2 -2
- package/node_modules/axios/lib/helpers/fromDataURI.js +4 -2
- package/node_modules/axios/lib/helpers/resolveConfig.js +26 -13
- package/node_modules/axios/lib/helpers/shouldBypassProxy.js +33 -1
- package/node_modules/axios/lib/helpers/toFormData.js +48 -12
- package/node_modules/axios/lib/helpers/validator.js +1 -1
- package/node_modules/axios/lib/utils.js +97 -12
- package/node_modules/axios/package.json +29 -13
- package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
- package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
- package/node_modules/brace-expansion/dist/esm/index.js +24 -14
- package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
- package/node_modules/brace-expansion/package.json +2 -2
- package/node_modules/form-data/CHANGELOG.md +29 -2
- package/node_modules/form-data/README.md +4 -4
- package/node_modules/form-data/lib/form_data.js +14 -2
- package/node_modules/form-data/package.json +7 -7
- package/node_modules/hasown/CHANGELOG.md +18 -0
- package/node_modules/hasown/eslint.config.mjs +6 -0
- package/node_modules/hasown/package.json +13 -14
- package/npm-shrinkwrap.json +16 -16
- package/package.json +2 -2
- package/node_modules/axios/dist/axios.js.map +0 -1
- package/node_modules/axios/dist/browser/axios.cjs.map +0 -1
- package/node_modules/axios/dist/esm/axios.js.map +0 -1
- package/node_modules/axios/dist/node/axios.cjs.map +0 -1
- package/node_modules/hasown/.eslintrc +0 -5
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
/*! Axios v1.
|
|
1
|
+
/*! Axios v1.18.1 Copyright (c) 2026 Matt Zabriskie and contributors */
|
|
2
2
|
'use strict';
|
|
3
3
|
|
|
4
4
|
var FormData$1 = require('form-data');
|
|
@@ -40,6 +40,52 @@ const {
|
|
|
40
40
|
iterator,
|
|
41
41
|
toStringTag
|
|
42
42
|
} = Symbol;
|
|
43
|
+
|
|
44
|
+
/* Creating a function that will check if an object has a property. */
|
|
45
|
+
const hasOwnProperty = (({
|
|
46
|
+
hasOwnProperty
|
|
47
|
+
}) => (obj, prop) => hasOwnProperty.call(obj, prop))(Object.prototype);
|
|
48
|
+
|
|
49
|
+
/**
|
|
50
|
+
* Walk the prototype chain (excluding the shared Object.prototype) looking for
|
|
51
|
+
* an own `prop`. This distinguishes genuine own/inherited members — including
|
|
52
|
+
* class accessors and template prototypes — from members injected via
|
|
53
|
+
* Object.prototype pollution (e.g. `Object.prototype.username = '...'`), which
|
|
54
|
+
* live on Object.prototype itself and are therefore never matched.
|
|
55
|
+
*
|
|
56
|
+
* @param {*} thing The value whose chain to inspect
|
|
57
|
+
* @param {string|symbol} prop The property key to look for
|
|
58
|
+
*
|
|
59
|
+
* @returns {boolean} True when `prop` is owned below Object.prototype
|
|
60
|
+
*/
|
|
61
|
+
const hasOwnInPrototypeChain = (thing, prop) => {
|
|
62
|
+
let obj = thing;
|
|
63
|
+
const seen = [];
|
|
64
|
+
while (obj != null && obj !== Object.prototype) {
|
|
65
|
+
if (seen.indexOf(obj) !== -1) {
|
|
66
|
+
return false;
|
|
67
|
+
}
|
|
68
|
+
seen.push(obj);
|
|
69
|
+
if (hasOwnProperty(obj, prop)) {
|
|
70
|
+
return true;
|
|
71
|
+
}
|
|
72
|
+
obj = getPrototypeOf(obj);
|
|
73
|
+
}
|
|
74
|
+
return false;
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
/**
|
|
78
|
+
* Read `obj[prop]` only when it is safe from Object.prototype pollution. Own
|
|
79
|
+
* properties and members inherited from a non-Object.prototype source (a class
|
|
80
|
+
* instance or template object) are honored; a value reachable only through a
|
|
81
|
+
* polluted Object.prototype is ignored and `undefined` is returned.
|
|
82
|
+
*
|
|
83
|
+
* @param {*} obj The source object
|
|
84
|
+
* @param {string|symbol} prop The property key to read
|
|
85
|
+
*
|
|
86
|
+
* @returns {*} The resolved value, or undefined when unsafe/absent
|
|
87
|
+
*/
|
|
88
|
+
const getSafeProp = (obj, prop) => obj != null && hasOwnInPrototypeChain(obj, prop) ? obj[prop] : undefined;
|
|
43
89
|
const kindOf = (cache => thing => {
|
|
44
90
|
const str = toString.call(thing);
|
|
45
91
|
return cache[str] || (cache[str] = str.slice(8, -1).toLowerCase());
|
|
@@ -158,11 +204,15 @@ const isBoolean = thing => thing === true || thing === false;
|
|
|
158
204
|
* @returns {boolean} True if value is a plain Object, otherwise false
|
|
159
205
|
*/
|
|
160
206
|
const isPlainObject = val => {
|
|
161
|
-
if (
|
|
207
|
+
if (!isObject(val)) {
|
|
162
208
|
return false;
|
|
163
209
|
}
|
|
164
210
|
const prototype = getPrototypeOf(val);
|
|
165
|
-
return (prototype === null || prototype === Object.prototype ||
|
|
211
|
+
return (prototype === null || prototype === Object.prototype || getPrototypeOf(prototype) === null) &&
|
|
212
|
+
// Treat any genuine (non-Object.prototype-polluted) Symbol.toStringTag or
|
|
213
|
+
// Symbol.iterator as evidence the value is a tagged/iterable type rather
|
|
214
|
+
// than a plain object, while ignoring keys injected onto Object.prototype.
|
|
215
|
+
!hasOwnInPrototypeChain(val, toStringTag) && !hasOwnInPrototypeChain(val, iterator);
|
|
166
216
|
};
|
|
167
217
|
|
|
168
218
|
/**
|
|
@@ -417,7 +467,10 @@ function merge(...objs) {
|
|
|
417
467
|
if (key === '__proto__' || key === 'constructor' || key === 'prototype') {
|
|
418
468
|
return;
|
|
419
469
|
}
|
|
420
|
-
|
|
470
|
+
|
|
471
|
+
// findKey lowercases the key, so caseless lookup only applies to strings —
|
|
472
|
+
// symbol keys are identity-matched.
|
|
473
|
+
const targetKey = caseless && typeof key === 'string' && findKey(result, key) || key;
|
|
421
474
|
// Read via own-prop only — a bare `result[targetKey]` walks the prototype
|
|
422
475
|
// chain, so a polluted Object.prototype value could surface here and get
|
|
423
476
|
// copied into the merged result.
|
|
@@ -433,7 +486,21 @@ function merge(...objs) {
|
|
|
433
486
|
}
|
|
434
487
|
};
|
|
435
488
|
for (let i = 0, l = objs.length; i < l; i++) {
|
|
436
|
-
|
|
489
|
+
const source = objs[i];
|
|
490
|
+
if (!source || isBuffer(source)) {
|
|
491
|
+
continue;
|
|
492
|
+
}
|
|
493
|
+
forEach(source, assignValue);
|
|
494
|
+
if (typeof source !== 'object' || isArray(source)) {
|
|
495
|
+
continue;
|
|
496
|
+
}
|
|
497
|
+
const symbols = Object.getOwnPropertySymbols(source);
|
|
498
|
+
for (let j = 0; j < symbols.length; j++) {
|
|
499
|
+
const symbol = symbols[j];
|
|
500
|
+
if (propertyIsEnumerable.call(source, symbol)) {
|
|
501
|
+
assignValue(source[symbol], symbol);
|
|
502
|
+
}
|
|
503
|
+
}
|
|
437
504
|
}
|
|
438
505
|
return result;
|
|
439
506
|
}
|
|
@@ -645,11 +712,9 @@ const toCamelCase = str => {
|
|
|
645
712
|
return p1.toUpperCase() + p2;
|
|
646
713
|
});
|
|
647
714
|
};
|
|
648
|
-
|
|
649
|
-
|
|
650
|
-
|
|
651
|
-
hasOwnProperty
|
|
652
|
-
}) => (obj, prop) => hasOwnProperty.call(obj, prop))(Object.prototype);
|
|
715
|
+
const {
|
|
716
|
+
propertyIsEnumerable
|
|
717
|
+
} = Object.prototype;
|
|
653
718
|
|
|
654
719
|
/**
|
|
655
720
|
* Determine if a value is a RegExp object
|
|
@@ -824,6 +889,19 @@ const asap = typeof queueMicrotask !== 'undefined' ? queueMicrotask.bind(_global
|
|
|
824
889
|
// *********************
|
|
825
890
|
|
|
826
891
|
const isIterable = thing => thing != null && isFunction$1(thing[iterator]);
|
|
892
|
+
|
|
893
|
+
/**
|
|
894
|
+
* Determine if a value is iterable via an iterator that is NOT sourced solely
|
|
895
|
+
* from a polluted Object.prototype. Use this instead of `isIterable` whenever
|
|
896
|
+
* the iterable comes from untrusted input (e.g. user-supplied header sources),
|
|
897
|
+
* so `Object.prototype[Symbol.iterator] = ...` cannot turn an ordinary object
|
|
898
|
+
* into an attacker-controlled entries iterator.
|
|
899
|
+
*
|
|
900
|
+
* @param {*} thing The value to test
|
|
901
|
+
*
|
|
902
|
+
* @returns {boolean} True if value has a non-polluted iterator
|
|
903
|
+
*/
|
|
904
|
+
const isSafeIterable = thing => thing != null && hasOwnInPrototypeChain(thing, iterator) && isIterable(thing);
|
|
827
905
|
var utils$1 = {
|
|
828
906
|
isArray,
|
|
829
907
|
isArrayBuffer,
|
|
@@ -869,6 +947,8 @@ var utils$1 = {
|
|
|
869
947
|
hasOwnProperty,
|
|
870
948
|
hasOwnProp: hasOwnProperty,
|
|
871
949
|
// an alias to avoid ESLint no-prototype-builtins detection
|
|
950
|
+
hasOwnInPrototypeChain,
|
|
951
|
+
getSafeProp,
|
|
872
952
|
reduceDescriptors,
|
|
873
953
|
freezeMethods,
|
|
874
954
|
toObjectSet,
|
|
@@ -884,7 +964,8 @@ var utils$1 = {
|
|
|
884
964
|
isThenable,
|
|
885
965
|
setImmediate: _setImmediate,
|
|
886
966
|
asap,
|
|
887
|
-
isIterable
|
|
967
|
+
isIterable,
|
|
968
|
+
isSafeIterable
|
|
888
969
|
};
|
|
889
970
|
|
|
890
971
|
// RawAxiosHeaders whose duplicates are ignored by node
|
|
@@ -1034,7 +1115,7 @@ class AxiosHeaders {
|
|
|
1034
1115
|
function setHeader(_value, _header, _rewrite) {
|
|
1035
1116
|
const lHeader = normalizeHeader(_header);
|
|
1036
1117
|
if (!lHeader) {
|
|
1037
|
-
|
|
1118
|
+
return;
|
|
1038
1119
|
}
|
|
1039
1120
|
const key = utils$1.findKey(self, lHeader);
|
|
1040
1121
|
if (!key || self[key] === undefined || _rewrite === true || _rewrite === undefined && self[key] !== false) {
|
|
@@ -1046,15 +1127,21 @@ class AxiosHeaders {
|
|
|
1046
1127
|
setHeaders(header, valueOrRewrite);
|
|
1047
1128
|
} else if (utils$1.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
|
|
1048
1129
|
setHeaders(parseHeaders(header), valueOrRewrite);
|
|
1049
|
-
} else if (utils$1.isObject(header) && utils$1.
|
|
1050
|
-
let obj =
|
|
1130
|
+
} else if (utils$1.isObject(header) && utils$1.isSafeIterable(header)) {
|
|
1131
|
+
let obj = Object.create(null),
|
|
1051
1132
|
dest,
|
|
1052
1133
|
key;
|
|
1053
1134
|
for (const entry of header) {
|
|
1054
1135
|
if (!utils$1.isArray(entry)) {
|
|
1055
|
-
throw TypeError('Object iterator must return a key-value pair');
|
|
1136
|
+
throw new TypeError('Object iterator must return a key-value pair');
|
|
1137
|
+
}
|
|
1138
|
+
key = entry[0];
|
|
1139
|
+
if (utils$1.hasOwnProp(obj, key)) {
|
|
1140
|
+
dest = obj[key];
|
|
1141
|
+
obj[key] = utils$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]];
|
|
1142
|
+
} else {
|
|
1143
|
+
obj[key] = entry[1];
|
|
1056
1144
|
}
|
|
1057
|
-
obj[key = entry[0]] = (dest = obj[key]) ? utils$1.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]] : entry[1];
|
|
1058
1145
|
}
|
|
1059
1146
|
setHeaders(obj, valueOrRewrite);
|
|
1060
1147
|
} else {
|
|
@@ -1266,7 +1353,19 @@ function redactConfig(config, redactKeys) {
|
|
|
1266
1353
|
class AxiosError extends Error {
|
|
1267
1354
|
static from(error, code, config, request, response, customProps) {
|
|
1268
1355
|
const axiosError = new AxiosError(error.message, code || error.code, config, request, response);
|
|
1269
|
-
|
|
1356
|
+
// Match native `Error` `cause` semantics: non-enumerable. The wrapped
|
|
1357
|
+
// error often carries circular internals (sockets, requests, agents), so
|
|
1358
|
+
// an enumerable `cause` makes structured loggers (pino/winston) and any
|
|
1359
|
+
// own-property walk throw "Converting circular structure to JSON".
|
|
1360
|
+
// Regression from #6982; see #7205. `__proto__: null` mirrors the
|
|
1361
|
+
// `message` descriptor below (prototype-pollution-safe descriptor).
|
|
1362
|
+
Object.defineProperty(axiosError, 'cause', {
|
|
1363
|
+
__proto__: null,
|
|
1364
|
+
value: error,
|
|
1365
|
+
writable: true,
|
|
1366
|
+
enumerable: false,
|
|
1367
|
+
configurable: true
|
|
1368
|
+
});
|
|
1270
1369
|
axiosError.name = error.name;
|
|
1271
1370
|
|
|
1272
1371
|
// Preserve status from the original error if not already set from response
|
|
@@ -1357,6 +1456,10 @@ AxiosError.ERR_NOT_SUPPORT = 'ERR_NOT_SUPPORT';
|
|
|
1357
1456
|
AxiosError.ERR_INVALID_URL = 'ERR_INVALID_URL';
|
|
1358
1457
|
AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
|
|
1359
1458
|
|
|
1459
|
+
// Default nesting limit shared with the inverse transform (formDataToJSON) so
|
|
1460
|
+
// the FormData <-> JSON round-trip stays symmetric.
|
|
1461
|
+
const DEFAULT_FORM_DATA_MAX_DEPTH = 100;
|
|
1462
|
+
|
|
1360
1463
|
/**
|
|
1361
1464
|
* Determines if the given thing is a array or js object.
|
|
1362
1465
|
*
|
|
@@ -1457,8 +1560,9 @@ function toFormData(obj, formData, options) {
|
|
|
1457
1560
|
const dots = options.dots;
|
|
1458
1561
|
const indexes = options.indexes;
|
|
1459
1562
|
const _Blob = options.Blob || typeof Blob !== 'undefined' && Blob;
|
|
1460
|
-
const maxDepth = options.maxDepth === undefined ?
|
|
1563
|
+
const maxDepth = options.maxDepth === undefined ? DEFAULT_FORM_DATA_MAX_DEPTH : options.maxDepth;
|
|
1461
1564
|
const useBlob = _Blob && utils$1.isSpecCompliantForm(formData);
|
|
1565
|
+
const stack = [];
|
|
1462
1566
|
if (!utils$1.isFunction(visitor)) {
|
|
1463
1567
|
throw new TypeError('visitor must be a function');
|
|
1464
1568
|
}
|
|
@@ -1474,10 +1578,38 @@ function toFormData(obj, formData, options) {
|
|
|
1474
1578
|
throw new AxiosError('Blob is not supported. Use a Buffer instead.');
|
|
1475
1579
|
}
|
|
1476
1580
|
if (utils$1.isArrayBuffer(value) || utils$1.isTypedArray(value)) {
|
|
1477
|
-
|
|
1581
|
+
if (useBlob && typeof _Blob === 'function') {
|
|
1582
|
+
return new _Blob([value]);
|
|
1583
|
+
}
|
|
1584
|
+
if (typeof Buffer !== 'undefined') {
|
|
1585
|
+
return Buffer.from(value);
|
|
1586
|
+
}
|
|
1587
|
+
throw new AxiosError('Blob is not supported. Use a Buffer instead.', AxiosError.ERR_NOT_SUPPORT);
|
|
1478
1588
|
}
|
|
1479
1589
|
return value;
|
|
1480
1590
|
}
|
|
1591
|
+
function throwIfMaxDepthExceeded(depth) {
|
|
1592
|
+
if (depth > maxDepth) {
|
|
1593
|
+
throw new AxiosError('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
|
|
1594
|
+
}
|
|
1595
|
+
}
|
|
1596
|
+
function stringifyWithDepthLimit(value, depth) {
|
|
1597
|
+
if (maxDepth === Infinity) {
|
|
1598
|
+
return JSON.stringify(value);
|
|
1599
|
+
}
|
|
1600
|
+
const ancestors = [];
|
|
1601
|
+
return JSON.stringify(value, function limitDepth(_key, currentValue) {
|
|
1602
|
+
if (!utils$1.isObject(currentValue)) {
|
|
1603
|
+
return currentValue;
|
|
1604
|
+
}
|
|
1605
|
+
while (ancestors.length && ancestors[ancestors.length - 1] !== this) {
|
|
1606
|
+
ancestors.pop();
|
|
1607
|
+
}
|
|
1608
|
+
ancestors.push(currentValue);
|
|
1609
|
+
throwIfMaxDepthExceeded(depth + ancestors.length - 1);
|
|
1610
|
+
return currentValue;
|
|
1611
|
+
});
|
|
1612
|
+
}
|
|
1481
1613
|
|
|
1482
1614
|
/**
|
|
1483
1615
|
* Default visitor.
|
|
@@ -1500,7 +1632,7 @@ function toFormData(obj, formData, options) {
|
|
|
1500
1632
|
// eslint-disable-next-line no-param-reassign
|
|
1501
1633
|
key = metaTokens ? key : key.slice(0, -2);
|
|
1502
1634
|
// eslint-disable-next-line no-param-reassign
|
|
1503
|
-
value =
|
|
1635
|
+
value = stringifyWithDepthLimit(value, 1);
|
|
1504
1636
|
} else if (utils$1.isArray(value) && isFlatArray(value) || (utils$1.isFileList(value) || utils$1.endsWith(key, '[]')) && (arr = utils$1.toArray(value))) {
|
|
1505
1637
|
// eslint-disable-next-line no-param-reassign
|
|
1506
1638
|
key = removeBrackets(key);
|
|
@@ -1518,7 +1650,6 @@ function toFormData(obj, formData, options) {
|
|
|
1518
1650
|
formData.append(renderKey(path, key, dots), convertValue(value));
|
|
1519
1651
|
return false;
|
|
1520
1652
|
}
|
|
1521
|
-
const stack = [];
|
|
1522
1653
|
const exposedHelpers = Object.assign(predicates, {
|
|
1523
1654
|
defaultVisitor,
|
|
1524
1655
|
convertValue,
|
|
@@ -1526,11 +1657,9 @@ function toFormData(obj, formData, options) {
|
|
|
1526
1657
|
});
|
|
1527
1658
|
function build(value, path, depth = 0) {
|
|
1528
1659
|
if (utils$1.isUndefined(value)) return;
|
|
1529
|
-
|
|
1530
|
-
throw new AxiosError('Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
|
|
1531
|
-
}
|
|
1660
|
+
throwIfMaxDepthExceeded(depth);
|
|
1532
1661
|
if (stack.indexOf(value) !== -1) {
|
|
1533
|
-
throw Error('Circular reference detected in ' + path.join('.'));
|
|
1662
|
+
throw new Error('Circular reference detected in ' + path.join('.'));
|
|
1534
1663
|
}
|
|
1535
1664
|
stack.push(value);
|
|
1536
1665
|
utils$1.forEach(value, function each(el, key) {
|
|
@@ -1587,9 +1716,7 @@ prototype.append = function append(name, value) {
|
|
|
1587
1716
|
this._pairs.push([name, value]);
|
|
1588
1717
|
};
|
|
1589
1718
|
prototype.toString = function toString(encoder) {
|
|
1590
|
-
const _encode = encoder ?
|
|
1591
|
-
return encoder.call(this, value, encode$1);
|
|
1592
|
-
} : encode$1;
|
|
1719
|
+
const _encode = encoder ? value => encoder.call(this, value, encode$1) : encode$1;
|
|
1593
1720
|
return this._pairs.map(function each(pair) {
|
|
1594
1721
|
return _encode(pair[0]) + '=' + _encode(pair[1]);
|
|
1595
1722
|
}, '').join('&');
|
|
@@ -1620,11 +1747,16 @@ function buildURL(url, params, options) {
|
|
|
1620
1747
|
if (!params) {
|
|
1621
1748
|
return url;
|
|
1622
1749
|
}
|
|
1623
|
-
|
|
1750
|
+
url = url || '';
|
|
1624
1751
|
const _options = utils$1.isFunction(options) ? {
|
|
1625
1752
|
serialize: options
|
|
1626
1753
|
} : options;
|
|
1627
|
-
|
|
1754
|
+
|
|
1755
|
+
// Read serializer options pollution-safely: own properties and methods on a
|
|
1756
|
+
// class/template prototype are honored, but values injected onto a polluted
|
|
1757
|
+
// Object.prototype are ignored.
|
|
1758
|
+
const _encode = utils$1.getSafeProp(_options, 'encode') || encode;
|
|
1759
|
+
const serializeFn = utils$1.getSafeProp(_options, 'serialize');
|
|
1628
1760
|
let serializedParams;
|
|
1629
1761
|
if (serializeFn) {
|
|
1630
1762
|
serializedParams = serializeFn(params, _options);
|
|
@@ -1712,7 +1844,9 @@ var transitionalDefaults = {
|
|
|
1712
1844
|
silentJSONParsing: true,
|
|
1713
1845
|
forcedJSONParsing: true,
|
|
1714
1846
|
clarifyTimeoutError: false,
|
|
1715
|
-
legacyInterceptorReqResOrdering: true
|
|
1847
|
+
legacyInterceptorReqResOrdering: true,
|
|
1848
|
+
advertiseZstdAcceptEncoding: false,
|
|
1849
|
+
validateStatusUndefinedResolves: true
|
|
1716
1850
|
};
|
|
1717
1851
|
|
|
1718
1852
|
var URLSearchParams = url.URLSearchParams;
|
|
@@ -1813,6 +1947,13 @@ function toURLEncodedForm(data, options) {
|
|
|
1813
1947
|
});
|
|
1814
1948
|
}
|
|
1815
1949
|
|
|
1950
|
+
const MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
|
|
1951
|
+
function throwIfDepthExceeded(index) {
|
|
1952
|
+
if (index > MAX_DEPTH) {
|
|
1953
|
+
throw new AxiosError('FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH, AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED);
|
|
1954
|
+
}
|
|
1955
|
+
}
|
|
1956
|
+
|
|
1816
1957
|
/**
|
|
1817
1958
|
* It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
|
|
1818
1959
|
*
|
|
@@ -1825,9 +1966,14 @@ function parsePropPath(name) {
|
|
|
1825
1966
|
// foo.x.y.z
|
|
1826
1967
|
// foo-x-y-z
|
|
1827
1968
|
// foo x y z
|
|
1828
|
-
|
|
1829
|
-
|
|
1830
|
-
|
|
1969
|
+
const path = [];
|
|
1970
|
+
const pattern = /\w+|\[(\w*)]/g;
|
|
1971
|
+
let match;
|
|
1972
|
+
while ((match = pattern.exec(name)) !== null) {
|
|
1973
|
+
throwIfDepthExceeded(path.length);
|
|
1974
|
+
path.push(match[0] === '[]' ? '' : match[1] || match[0]);
|
|
1975
|
+
}
|
|
1976
|
+
return path;
|
|
1831
1977
|
}
|
|
1832
1978
|
|
|
1833
1979
|
/**
|
|
@@ -1859,6 +2005,7 @@ function arrayToObject(arr) {
|
|
|
1859
2005
|
*/
|
|
1860
2006
|
function formDataToJSON(formData) {
|
|
1861
2007
|
function buildPath(path, value, target, index) {
|
|
2008
|
+
throwIfDepthExceeded(index);
|
|
1862
2009
|
let name = path[index++];
|
|
1863
2010
|
if (name === '__proto__') return true;
|
|
1864
2011
|
const isNumericKey = Number.isFinite(+name);
|
|
@@ -2099,6 +2246,24 @@ function combineURLs(baseURL, relativeURL) {
|
|
|
2099
2246
|
return relativeURL ? baseURL.replace(/\/?\/$/, '') + '/' + relativeURL.replace(/^\/+/, '') : baseURL;
|
|
2100
2247
|
}
|
|
2101
2248
|
|
|
2249
|
+
const malformedHttpProtocol = /^https?:(?!\/\/)/i;
|
|
2250
|
+
const httpProtocolControlCharacters = /[\t\n\r]/g;
|
|
2251
|
+
function stripLeadingC0ControlOrSpace(url) {
|
|
2252
|
+
let i = 0;
|
|
2253
|
+
while (i < url.length && url.charCodeAt(i) <= 0x20) {
|
|
2254
|
+
i++;
|
|
2255
|
+
}
|
|
2256
|
+
return url.slice(i);
|
|
2257
|
+
}
|
|
2258
|
+
function normalizeURLForProtocolCheck(url) {
|
|
2259
|
+
return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
|
|
2260
|
+
}
|
|
2261
|
+
function assertValidHttpProtocolURL(url, config) {
|
|
2262
|
+
if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
|
|
2263
|
+
throw new AxiosError('Invalid URL: missing "//" after protocol', AxiosError.ERR_INVALID_URL, config);
|
|
2264
|
+
}
|
|
2265
|
+
}
|
|
2266
|
+
|
|
2102
2267
|
/**
|
|
2103
2268
|
* Creates a new URL by combining the baseURL with the requestedURL,
|
|
2104
2269
|
* only when the requestedURL is not already an absolute URL.
|
|
@@ -2109,9 +2274,11 @@ function combineURLs(baseURL, relativeURL) {
|
|
|
2109
2274
|
*
|
|
2110
2275
|
* @returns {string} The combined full path
|
|
2111
2276
|
*/
|
|
2112
|
-
function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
|
|
2277
|
+
function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
|
|
2278
|
+
assertValidHttpProtocolURL(requestedURL, config);
|
|
2113
2279
|
let isRelativeUrl = !isAbsoluteURL(requestedURL);
|
|
2114
2280
|
if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
|
|
2281
|
+
assertValidHttpProtocolURL(baseURL, config);
|
|
2115
2282
|
return combineURLs(baseURL, requestedURL);
|
|
2116
2283
|
}
|
|
2117
2284
|
return requestedURL;
|
|
@@ -2213,7 +2380,7 @@ function getEnv(key) {
|
|
|
2213
2380
|
return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || '';
|
|
2214
2381
|
}
|
|
2215
2382
|
|
|
2216
|
-
const VERSION = "1.
|
|
2383
|
+
const VERSION = "1.18.1";
|
|
2217
2384
|
|
|
2218
2385
|
function parseProtocol(url) {
|
|
2219
2386
|
const match = /^([-+\w]{1,25}):(?:\/\/)?/.exec(url);
|
|
@@ -2253,13 +2420,13 @@ function fromDataURI(uri, asBlob, options) {
|
|
|
2253
2420
|
|
|
2254
2421
|
// RFC 2397 section 3: default mediatype is text/plain;charset=US-ASCII
|
|
2255
2422
|
// Bare `data:,` leaves mime undefined; Blob normalises that to "" per spec.
|
|
2256
|
-
let mime;
|
|
2423
|
+
let mime = '';
|
|
2257
2424
|
if (type) {
|
|
2258
2425
|
mime = params ? type + params : type;
|
|
2259
2426
|
} else if (params) {
|
|
2260
2427
|
mime = 'text/plain' + params;
|
|
2261
2428
|
}
|
|
2262
|
-
const buffer = Buffer.from(decodeURIComponent(body), encoding);
|
|
2429
|
+
const buffer = encoding === 'base64' ? Buffer.from(body, 'base64') : Buffer.from(decodeURIComponent(body), encoding);
|
|
2263
2430
|
if (asBlob) {
|
|
2264
2431
|
if (!_Blob) {
|
|
2265
2432
|
throw new AxiosError('Blob is not supported', AxiosError.ERR_NOT_SUPPORT);
|
|
@@ -2452,10 +2619,10 @@ const formDataToStream = (form, headersHandler, options) => {
|
|
|
2452
2619
|
boundary = tag + '-' + platform.generateString(size, BOUNDARY_ALPHABET)
|
|
2453
2620
|
} = options || {};
|
|
2454
2621
|
if (!utils$1.isFormData(form)) {
|
|
2455
|
-
throw TypeError('FormData instance required');
|
|
2622
|
+
throw new TypeError('FormData instance required');
|
|
2456
2623
|
}
|
|
2457
2624
|
if (boundary.length < 1 || boundary.length > 70) {
|
|
2458
|
-
throw Error('boundary must be 1-70 characters long');
|
|
2625
|
+
throw new Error('boundary must be 1-70 characters long');
|
|
2459
2626
|
}
|
|
2460
2627
|
const boundaryBytes = textEncoder.encode('--' + boundary + CRLF);
|
|
2461
2628
|
const footerBytes = textEncoder.encode('--' + boundary + '--' + CRLF);
|
|
@@ -2505,6 +2672,84 @@ class ZlibHeaderTransformStream extends stream.Transform {
|
|
|
2505
2672
|
}
|
|
2506
2673
|
}
|
|
2507
2674
|
|
|
2675
|
+
class Http2Sessions {
|
|
2676
|
+
constructor() {
|
|
2677
|
+
this.sessions = Object.create(null);
|
|
2678
|
+
}
|
|
2679
|
+
getSession(authority, options) {
|
|
2680
|
+
options = Object.assign({
|
|
2681
|
+
sessionTimeout: 1000
|
|
2682
|
+
}, options);
|
|
2683
|
+
let authoritySessions = this.sessions[authority];
|
|
2684
|
+
if (authoritySessions) {
|
|
2685
|
+
let len = authoritySessions.length;
|
|
2686
|
+
for (let i = 0; i < len; i++) {
|
|
2687
|
+
const [sessionHandle, sessionOptions] = authoritySessions[i];
|
|
2688
|
+
if (!sessionHandle.destroyed && !sessionHandle.closed && util.isDeepStrictEqual(sessionOptions, options)) {
|
|
2689
|
+
return sessionHandle;
|
|
2690
|
+
}
|
|
2691
|
+
}
|
|
2692
|
+
}
|
|
2693
|
+
const session = http2.connect(authority, options);
|
|
2694
|
+
let removed;
|
|
2695
|
+
let timer;
|
|
2696
|
+
const removeSession = () => {
|
|
2697
|
+
if (removed) {
|
|
2698
|
+
return;
|
|
2699
|
+
}
|
|
2700
|
+
removed = true;
|
|
2701
|
+
if (timer) {
|
|
2702
|
+
clearTimeout(timer);
|
|
2703
|
+
timer = null;
|
|
2704
|
+
}
|
|
2705
|
+
let entries = authoritySessions,
|
|
2706
|
+
len = entries.length,
|
|
2707
|
+
i = len;
|
|
2708
|
+
while (i--) {
|
|
2709
|
+
if (entries[i][0] === session) {
|
|
2710
|
+
if (len === 1) {
|
|
2711
|
+
delete this.sessions[authority];
|
|
2712
|
+
} else {
|
|
2713
|
+
entries.splice(i, 1);
|
|
2714
|
+
}
|
|
2715
|
+
if (!session.closed) {
|
|
2716
|
+
session.close();
|
|
2717
|
+
}
|
|
2718
|
+
return;
|
|
2719
|
+
}
|
|
2720
|
+
}
|
|
2721
|
+
};
|
|
2722
|
+
const originalRequestFn = session.request;
|
|
2723
|
+
const {
|
|
2724
|
+
sessionTimeout
|
|
2725
|
+
} = options;
|
|
2726
|
+
if (sessionTimeout != null) {
|
|
2727
|
+
let streamsCount = 0;
|
|
2728
|
+
session.request = function () {
|
|
2729
|
+
const stream = originalRequestFn.apply(this, arguments);
|
|
2730
|
+
streamsCount++;
|
|
2731
|
+
if (timer) {
|
|
2732
|
+
clearTimeout(timer);
|
|
2733
|
+
timer = null;
|
|
2734
|
+
}
|
|
2735
|
+
stream.once('close', () => {
|
|
2736
|
+
if (! --streamsCount) {
|
|
2737
|
+
timer = setTimeout(() => {
|
|
2738
|
+
timer = null;
|
|
2739
|
+
removeSession();
|
|
2740
|
+
}, sessionTimeout);
|
|
2741
|
+
}
|
|
2742
|
+
});
|
|
2743
|
+
return stream;
|
|
2744
|
+
};
|
|
2745
|
+
}
|
|
2746
|
+
session.once('close', removeSession);
|
|
2747
|
+
let entry = [session, options];
|
|
2748
|
+
authoritySessions ? authoritySessions.push(entry) : authoritySessions = this.sessions[authority] = [entry];
|
|
2749
|
+
return session;
|
|
2750
|
+
}
|
|
2751
|
+
}
|
|
2752
|
+
|
|
2508
2753
|
const callbackify = (fn, reducer) => {
|
|
2509
2754
|
return utils$1.isAsyncFn(fn) ? function (...args) {
|
|
2510
2755
|
const cb = args.pop();
|
|
@@ -2518,13 +2763,34 @@ const callbackify = (fn, reducer) => {
|
|
|
2518
2763
|
} : fn;
|
|
2519
2764
|
};
|
|
2520
2765
|
|
|
2521
|
-
const LOOPBACK_HOSTNAMES = new Set(['localhost']);
|
|
2766
|
+
const LOOPBACK_HOSTNAMES = new Set(['localhost', '0.0.0.0']);
|
|
2522
2767
|
const isIPv4Loopback = host => {
|
|
2523
2768
|
const parts = host.split('.');
|
|
2524
2769
|
if (parts.length !== 4) return false;
|
|
2525
2770
|
if (parts[0] !== '127') return false;
|
|
2526
2771
|
return parts.every(p => /^\d+$/.test(p) && Number(p) >= 0 && Number(p) <= 255);
|
|
2527
2772
|
};
|
|
2773
|
+
const isIPv6ZeroGroup = group => /^0{1,4}$/.test(group);
|
|
2774
|
+
|
|
2775
|
+
// The unspecified address (IPv4 0.0.0.0 / IPv6 ::) resolves to the local host
|
|
2776
|
+
// for outbound connections, so treat it as loopback-equivalent for NO_PROXY
|
|
2777
|
+
// matching. 0.0.0.0 is covered by LOOPBACK_HOSTNAMES; this handles compressed
|
|
2778
|
+
// and full IPv6 all-zero forms so both families bypass symmetrically.
|
|
2779
|
+
const isIPv6Unspecified = host => {
|
|
2780
|
+
if (host === '::') return true;
|
|
2781
|
+
const compressionIndex = host.indexOf('::');
|
|
2782
|
+
if (compressionIndex !== -1) {
|
|
2783
|
+
if (compressionIndex !== host.lastIndexOf('::')) return false;
|
|
2784
|
+
const left = host.slice(0, compressionIndex);
|
|
2785
|
+
const right = host.slice(compressionIndex + 2);
|
|
2786
|
+
const leftGroups = left ? left.split(':') : [];
|
|
2787
|
+
const rightGroups = right ? right.split(':') : [];
|
|
2788
|
+
const explicitGroups = leftGroups.length + rightGroups.length;
|
|
2789
|
+
return explicitGroups < 8 && leftGroups.every(isIPv6ZeroGroup) && rightGroups.every(isIPv6ZeroGroup);
|
|
2790
|
+
}
|
|
2791
|
+
const groups = host.split(':');
|
|
2792
|
+
return groups.length === 8 && groups.every(isIPv6ZeroGroup);
|
|
2793
|
+
};
|
|
2528
2794
|
const isIPv6Loopback = host => {
|
|
2529
2795
|
// Collapse all-zero groups: any form of ::1 / 0:0:...:0:1
|
|
2530
2796
|
// First, strip any leading "::" by normalising with Set lookup of common forms,
|
|
@@ -2557,6 +2823,7 @@ const isLoopback = host => {
|
|
|
2557
2823
|
if (!host) return false;
|
|
2558
2824
|
if (LOOPBACK_HOSTNAMES.has(host)) return true;
|
|
2559
2825
|
if (isIPv4Loopback(host)) return true;
|
|
2826
|
+
if (isIPv6Unspecified(host)) return true;
|
|
2560
2827
|
return isIPv6Loopback(host);
|
|
2561
2828
|
};
|
|
2562
2829
|
const DEFAULT_PORTS = {
|
|
@@ -2776,11 +3043,13 @@ const asyncDecorator = fn => (...args) => utils$1.asap(() => fn(...args));
|
|
|
2776
3043
|
* Estimate decoded byte length of a data:// URL *without* allocating large buffers.
|
|
2777
3044
|
* - For base64: compute exact decoded size using length and padding;
|
|
2778
3045
|
* handle %XX at the character-count level (no string allocation).
|
|
2779
|
-
* - For non-base64:
|
|
3046
|
+
* - For non-base64: compute the exact percent-decoded UTF-8 byte length.
|
|
2780
3047
|
*
|
|
2781
3048
|
* @param {string} url
|
|
2782
3049
|
* @returns {number}
|
|
2783
3050
|
*/
|
|
3051
|
+
const isHexDigit = charCode => charCode >= 48 && charCode <= 57 || charCode >= 65 && charCode <= 70 || charCode >= 97 && charCode <= 102;
|
|
3052
|
+
const isPercentEncodedByte = (str, i, len) => i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
|
|
2784
3053
|
function estimateDataURLDecodedBytes(url) {
|
|
2785
3054
|
if (!url || typeof url !== 'string') return 0;
|
|
2786
3055
|
if (!url.startsWith('data:')) return 0;
|
|
@@ -2797,7 +3066,7 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
2797
3066
|
if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
|
|
2798
3067
|
const a = body.charCodeAt(i + 1);
|
|
2799
3068
|
const b = body.charCodeAt(i + 2);
|
|
2800
|
-
const isHex = (a
|
|
3069
|
+
const isHex = isHexDigit(a) && isHexDigit(b);
|
|
2801
3070
|
if (isHex) {
|
|
2802
3071
|
effectiveLen -= 2;
|
|
2803
3072
|
i += 2;
|
|
@@ -2832,18 +3101,18 @@ function estimateDataURLDecodedBytes(url) {
|
|
|
2832
3101
|
const bytes = groups * 3 - (pad || 0);
|
|
2833
3102
|
return bytes > 0 ? bytes : 0;
|
|
2834
3103
|
}
|
|
2835
|
-
if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
|
|
2836
|
-
return Buffer.byteLength(body, 'utf8');
|
|
2837
|
-
}
|
|
2838
3104
|
|
|
2839
3105
|
// Compute UTF-8 byte length directly from UTF-16 code units without allocating
|
|
2840
3106
|
// a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
|
|
2841
|
-
//
|
|
2842
|
-
//
|
|
3107
|
+
// Valid %XX triplets count as one decoded byte; this matches the bytes that
|
|
3108
|
+
// decodeURIComponent(body) would produce before Buffer re-encodes the string.
|
|
2843
3109
|
let bytes = 0;
|
|
2844
3110
|
for (let i = 0, len = body.length; i < len; i++) {
|
|
2845
3111
|
const c = body.charCodeAt(i);
|
|
2846
|
-
if (c
|
|
3112
|
+
if (c === 37 /* '%' */ && isPercentEncodedByte(body, i, len)) {
|
|
3113
|
+
bytes += 1;
|
|
3114
|
+
i += 2;
|
|
3115
|
+
} else if (c < 0x80) {
|
|
2847
3116
|
bytes += 1;
|
|
2848
3117
|
} else if (c < 0x800) {
|
|
2849
3118
|
bytes += 2;
|
|
@@ -2870,7 +3139,14 @@ const brotliOptions = {
|
|
|
2870
3139
|
flush: zlib.constants.BROTLI_OPERATION_FLUSH,
|
|
2871
3140
|
finishFlush: zlib.constants.BROTLI_OPERATION_FLUSH
|
|
2872
3141
|
};
|
|
3142
|
+
const zstdOptions = {
|
|
3143
|
+
flush: zlib.constants.ZSTD_e_flush,
|
|
3144
|
+
finishFlush: zlib.constants.ZSTD_e_flush
|
|
3145
|
+
};
|
|
2873
3146
|
const isBrotliSupported = utils$1.isFunction(zlib.createBrotliDecompress);
|
|
3147
|
+
const isZstdSupported = utils$1.isFunction(zlib.createZstdDecompress);
|
|
3148
|
+
const ACCEPT_ENCODING = 'gzip, compress, deflate' + (isBrotliSupported ? ', br' : '');
|
|
3149
|
+
const ACCEPT_ENCODING_WITH_ZSTD = ACCEPT_ENCODING + (isZstdSupported ? ', zstd' : '');
|
|
2874
3150
|
const {
|
|
2875
3151
|
http: httpFollow,
|
|
2876
3152
|
https: httpsFollow
|
|
@@ -2905,6 +3181,36 @@ const kAxiosInstalledTunnel = Symbol('axios.http.installedTunnel');
|
|
|
2905
3181
|
// so unbounded growth is not a concern in practice.
|
|
2906
3182
|
const tunnelingAgentCache = new Map();
|
|
2907
3183
|
const tunnelingAgentCacheUser = new WeakMap();
|
|
3184
|
+
// Minimum minor versions where Node's HTTP Agent supports native proxyEnv
|
|
3185
|
+
// handling. Checking the selected agent below also covers startup modes such
|
|
3186
|
+
// as NODE_OPTIONS=--use-env-proxy and --no-use-env-proxy precedence.
|
|
3187
|
+
const NODE_NATIVE_ENV_PROXY_SUPPORT = {
|
|
3188
|
+
22: 21,
|
|
3189
|
+
24: 5
|
|
3190
|
+
};
|
|
3191
|
+
function isNodeNativeEnvProxySupported(nodeVersion = process.versions && process.versions.node) {
|
|
3192
|
+
if (!nodeVersion) {
|
|
3193
|
+
return false;
|
|
3194
|
+
}
|
|
3195
|
+
const [major, minor] = nodeVersion.split('.').map(part => Number(part));
|
|
3196
|
+
if (!Number.isInteger(major) || !Number.isInteger(minor)) {
|
|
3197
|
+
return false;
|
|
3198
|
+
}
|
|
3199
|
+
if (major > 24) {
|
|
3200
|
+
return true;
|
|
3201
|
+
}
|
|
3202
|
+
return NODE_NATIVE_ENV_PROXY_SUPPORT[major] != null && minor >= NODE_NATIVE_ENV_PROXY_SUPPORT[major];
|
|
3203
|
+
}
|
|
3204
|
+
function isNodeEnvProxyEnabled(agent, nodeVersion = process.versions && process.versions.node) {
|
|
3205
|
+
if (!isNodeNativeEnvProxySupported(nodeVersion)) {
|
|
3206
|
+
return false;
|
|
3207
|
+
}
|
|
3208
|
+
const agentOptions = agent && agent.options;
|
|
3209
|
+
return Boolean(agentOptions && utils$1.hasOwnProp(agentOptions, 'proxyEnv') && agentOptions.proxyEnv != null);
|
|
3210
|
+
}
|
|
3211
|
+
function getProxyEnvAgent(options, configHttpAgent, configHttpsAgent) {
|
|
3212
|
+
return isHttps.test(options.protocol) ? configHttpsAgent || https.globalAgent : configHttpAgent || http.globalAgent;
|
|
3213
|
+
}
|
|
2908
3214
|
function getTunnelingAgent(agentOptions, userHttpsAgent) {
|
|
2909
3215
|
const key = agentOptions.protocol + '//' + agentOptions.hostname + ':' + (agentOptions.port || '') + '#' + (agentOptions.auth || '');
|
|
2910
3216
|
const cache = userHttpsAgent ? tunnelingAgentCacheUser.get(userHttpsAgent) || tunnelingAgentCacheUser.set(userHttpsAgent, new Map()).get(userHttpsAgent) : tunnelingAgentCache;
|
|
@@ -2918,6 +3224,19 @@ function getTunnelingAgent(agentOptions, userHttpsAgent) {
|
|
|
2918
3224
|
...agentOptions
|
|
2919
3225
|
} : agentOptions;
|
|
2920
3226
|
agent = new HttpsProxyAgent(merged);
|
|
3227
|
+
if (userHttpsAgent && userHttpsAgent.options) {
|
|
3228
|
+
const originTLSOptions = {
|
|
3229
|
+
...userHttpsAgent.options
|
|
3230
|
+
};
|
|
3231
|
+
const callback = agent.callback;
|
|
3232
|
+
agent.callback = function axiosTunnelingAgentCallback(req, opts) {
|
|
3233
|
+
// HttpsProxyAgent v5 reads callback opts for the post-CONNECT origin TLS upgrade.
|
|
3234
|
+
return callback.call(this, req, {
|
|
3235
|
+
...originTLSOptions,
|
|
3236
|
+
...opts
|
|
3237
|
+
});
|
|
3238
|
+
};
|
|
3239
|
+
}
|
|
2921
3240
|
agent[kAxiosInstalledTunnel] = true;
|
|
2922
3241
|
cache.set(key, agent);
|
|
2923
3242
|
return agent;
|
|
@@ -2930,7 +3249,7 @@ const supportedProtocols = platform.protocols.map(protocol => {
|
|
|
2930
3249
|
// Decode before composing the `auth` option so credentials such as
|
|
2931
3250
|
// `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
|
|
2932
3251
|
// original value for malformed input so a bad encoding never throws.
|
|
2933
|
-
const decodeURIComponentSafe = value => {
|
|
3252
|
+
const decodeURIComponentSafe$1 = value => {
|
|
2934
3253
|
if (!utils$1.isString(value)) {
|
|
2935
3254
|
return value;
|
|
2936
3255
|
}
|
|
@@ -2944,84 +3263,11 @@ const flushOnFinish = (stream, [throttled, flush]) => {
|
|
|
2944
3263
|
stream.on('end', flush).on('error', flush);
|
|
2945
3264
|
return throttled;
|
|
2946
3265
|
};
|
|
2947
|
-
class Http2Sessions {
|
|
2948
|
-
constructor() {
|
|
2949
|
-
this.sessions = Object.create(null);
|
|
2950
|
-
}
|
|
2951
|
-
getSession(authority, options) {
|
|
2952
|
-
options = Object.assign({
|
|
2953
|
-
sessionTimeout: 1000
|
|
2954
|
-
}, options);
|
|
2955
|
-
let authoritySessions = this.sessions[authority];
|
|
2956
|
-
if (authoritySessions) {
|
|
2957
|
-
let len = authoritySessions.length;
|
|
2958
|
-
for (let i = 0; i < len; i++) {
|
|
2959
|
-
const [sessionHandle, sessionOptions] = authoritySessions[i];
|
|
2960
|
-
if (!sessionHandle.destroyed && !sessionHandle.closed && util.isDeepStrictEqual(sessionOptions, options)) {
|
|
2961
|
-
return sessionHandle;
|
|
2962
|
-
}
|
|
2963
|
-
}
|
|
2964
|
-
}
|
|
2965
|
-
const session = http2.connect(authority, options);
|
|
2966
|
-
let removed;
|
|
2967
|
-
const removeSession = () => {
|
|
2968
|
-
if (removed) {
|
|
2969
|
-
return;
|
|
2970
|
-
}
|
|
2971
|
-
removed = true;
|
|
2972
|
-
let entries = authoritySessions,
|
|
2973
|
-
len = entries.length,
|
|
2974
|
-
i = len;
|
|
2975
|
-
while (i--) {
|
|
2976
|
-
if (entries[i][0] === session) {
|
|
2977
|
-
if (len === 1) {
|
|
2978
|
-
delete this.sessions[authority];
|
|
2979
|
-
} else {
|
|
2980
|
-
entries.splice(i, 1);
|
|
2981
|
-
}
|
|
2982
|
-
if (!session.closed) {
|
|
2983
|
-
session.close();
|
|
2984
|
-
}
|
|
2985
|
-
return;
|
|
2986
|
-
}
|
|
2987
|
-
}
|
|
2988
|
-
};
|
|
2989
|
-
const originalRequestFn = session.request;
|
|
2990
|
-
const {
|
|
2991
|
-
sessionTimeout
|
|
2992
|
-
} = options;
|
|
2993
|
-
if (sessionTimeout != null) {
|
|
2994
|
-
let timer;
|
|
2995
|
-
let streamsCount = 0;
|
|
2996
|
-
session.request = function () {
|
|
2997
|
-
const stream = originalRequestFn.apply(this, arguments);
|
|
2998
|
-
streamsCount++;
|
|
2999
|
-
if (timer) {
|
|
3000
|
-
clearTimeout(timer);
|
|
3001
|
-
timer = null;
|
|
3002
|
-
}
|
|
3003
|
-
stream.once('close', () => {
|
|
3004
|
-
if (! --streamsCount) {
|
|
3005
|
-
timer = setTimeout(() => {
|
|
3006
|
-
timer = null;
|
|
3007
|
-
removeSession();
|
|
3008
|
-
}, sessionTimeout);
|
|
3009
|
-
}
|
|
3010
|
-
});
|
|
3011
|
-
return stream;
|
|
3012
|
-
};
|
|
3013
|
-
}
|
|
3014
|
-
session.once('close', removeSession);
|
|
3015
|
-
let entry = [session, options];
|
|
3016
|
-
authoritySessions ? authoritySessions.push(entry) : authoritySessions = this.sessions[authority] = [entry];
|
|
3017
|
-
return session;
|
|
3018
|
-
}
|
|
3019
|
-
}
|
|
3020
3266
|
const http2Sessions = new Http2Sessions();
|
|
3021
3267
|
|
|
3022
3268
|
/**
|
|
3023
|
-
* If the proxy or config beforeRedirects functions are defined,
|
|
3024
|
-
* object.
|
|
3269
|
+
* If the proxy, auth, sensitive header, or config beforeRedirects functions are defined,
|
|
3270
|
+
* call them with the options object.
|
|
3025
3271
|
*
|
|
3026
3272
|
* @param {Object<string, any>} options - The options object that was passed to the request.
|
|
3027
3273
|
*
|
|
@@ -3031,10 +3277,37 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
|
|
|
3031
3277
|
if (options.beforeRedirects.proxy) {
|
|
3032
3278
|
options.beforeRedirects.proxy(options);
|
|
3033
3279
|
}
|
|
3280
|
+
if (options.beforeRedirects.auth) {
|
|
3281
|
+
options.beforeRedirects.auth(options);
|
|
3282
|
+
}
|
|
3283
|
+
if (options.beforeRedirects.sensitiveHeaders) {
|
|
3284
|
+
options.beforeRedirects.sensitiveHeaders(options, requestDetails);
|
|
3285
|
+
}
|
|
3034
3286
|
if (options.beforeRedirects.config) {
|
|
3035
3287
|
options.beforeRedirects.config(options, responseDetails, requestDetails);
|
|
3036
3288
|
}
|
|
3037
3289
|
}
|
|
3290
|
+
function stripMatchingHeaders(headers, sensitiveSet) {
|
|
3291
|
+
if (!headers) {
|
|
3292
|
+
return;
|
|
3293
|
+
}
|
|
3294
|
+
Object.keys(headers).forEach(header => {
|
|
3295
|
+
if (sensitiveSet.has(header.toLowerCase())) {
|
|
3296
|
+
delete headers[header];
|
|
3297
|
+
}
|
|
3298
|
+
});
|
|
3299
|
+
}
|
|
3300
|
+
function isSameOriginRedirect(redirectOptions, requestDetails) {
|
|
3301
|
+
if (!requestDetails) {
|
|
3302
|
+
return false;
|
|
3303
|
+
}
|
|
3304
|
+
try {
|
|
3305
|
+
return new URL(requestDetails.url).origin === new URL(redirectOptions.href).origin;
|
|
3306
|
+
} catch (e) {
|
|
3307
|
+
// If origin comparison fails, treat the redirect as unsafe.
|
|
3308
|
+
return false;
|
|
3309
|
+
}
|
|
3310
|
+
}
|
|
3038
3311
|
|
|
3039
3312
|
/**
|
|
3040
3313
|
* If the proxy or config afterRedirects functions are defined, call them with the options
|
|
@@ -3045,9 +3318,10 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
|
|
|
3045
3318
|
*
|
|
3046
3319
|
* @returns {http.ClientRequestArgs}
|
|
3047
3320
|
*/
|
|
3048
|
-
function setProxy(options, configProxy, location, isRedirect, configHttpsAgent) {
|
|
3321
|
+
function setProxy(options, configProxy, location, isRedirect, configHttpsAgent, configHttpAgent) {
|
|
3049
3322
|
let proxy = configProxy;
|
|
3050
|
-
|
|
3323
|
+
const proxyEnvAgent = getProxyEnvAgent(options, configHttpAgent, configHttpsAgent);
|
|
3324
|
+
if (!proxy && proxy !== false && !isNodeEnvProxyEnabled(proxyEnvAgent)) {
|
|
3051
3325
|
const proxyUrl = getProxyForUrl(location);
|
|
3052
3326
|
if (proxyUrl) {
|
|
3053
3327
|
if (!shouldBypassProxy(location)) {
|
|
@@ -3138,7 +3412,7 @@ function setProxy(options, configProxy, location, isRedirect, configHttpsAgent)
|
|
|
3138
3412
|
}
|
|
3139
3413
|
const tunnelingAgent = getTunnelingAgent(agentOptions, configHttpsAgent);
|
|
3140
3414
|
// Set both: `options.agent` is consumed by the native https.request path
|
|
3141
|
-
// (
|
|
3415
|
+
// (maxRedirects === 0); `options.agents.https` is consumed by
|
|
3142
3416
|
// follow-redirects, which ignores `options.agent` when `options.agents`
|
|
3143
3417
|
// is present.
|
|
3144
3418
|
options.agent = tunnelingAgent;
|
|
@@ -3182,7 +3456,7 @@ function setProxy(options, configProxy, location, isRedirect, configHttpsAgent)
|
|
|
3182
3456
|
options.beforeRedirects.proxy = function beforeRedirect(redirectOptions) {
|
|
3183
3457
|
// Configure proxy for redirected request, passing the original config proxy to apply
|
|
3184
3458
|
// the exact same logic as if the redirected request was performed by axios directly.
|
|
3185
|
-
setProxy(redirectOptions, configProxy, redirectOptions.href, true, configHttpsAgent);
|
|
3459
|
+
setProxy(redirectOptions, configProxy, redirectOptions.href, true, configHttpsAgent, configHttpAgent);
|
|
3186
3460
|
};
|
|
3187
3461
|
}
|
|
3188
3462
|
const isHttpAdapterSupported = typeof process !== 'undefined' && utils$1.kindOf(process) === 'process';
|
|
@@ -3265,16 +3539,30 @@ const http2Transport = {
|
|
|
3265
3539
|
/*eslint consistent-return:0*/
|
|
3266
3540
|
var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
3267
3541
|
return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
|
|
3268
|
-
|
|
3542
|
+
// Read config pollution-safely: own properties and members inherited from
|
|
3543
|
+
// a non-Object.prototype source (e.g. an Object.create(defaults) template)
|
|
3544
|
+
// are honored, but values injected onto a polluted Object.prototype are
|
|
3545
|
+
// ignored. All behavior-affecting reads in this adapter go through own()
|
|
3546
|
+
// so the protection boundary stays consistent.
|
|
3547
|
+
const own = key => utils$1.getSafeProp(config, key);
|
|
3548
|
+
const transitional = own('transitional') || transitionalDefaults;
|
|
3269
3549
|
let data = own('data');
|
|
3270
3550
|
let lookup = own('lookup');
|
|
3271
3551
|
let family = own('family');
|
|
3272
3552
|
let httpVersion = own('httpVersion');
|
|
3273
3553
|
if (httpVersion === undefined) httpVersion = 1;
|
|
3274
3554
|
let http2Options = own('http2Options');
|
|
3555
|
+
const httpAgent = own('httpAgent');
|
|
3556
|
+
const httpsAgent = own('httpsAgent');
|
|
3557
|
+
const configProxy = own('proxy');
|
|
3275
3558
|
const responseType = own('responseType');
|
|
3276
3559
|
const responseEncoding = own('responseEncoding');
|
|
3277
|
-
const
|
|
3560
|
+
const socketPath = own('socketPath');
|
|
3561
|
+
const method = own('method').toUpperCase();
|
|
3562
|
+
const maxRedirects = own('maxRedirects');
|
|
3563
|
+
const maxBodyLength = own('maxBodyLength');
|
|
3564
|
+
const maxContentLength = own('maxContentLength');
|
|
3565
|
+
const decompress = own('decompress');
|
|
3278
3566
|
let isDone;
|
|
3279
3567
|
let rejected = false;
|
|
3280
3568
|
let req;
|
|
@@ -3305,7 +3593,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3305
3593
|
try {
|
|
3306
3594
|
abortEmitter.emit('abort', !reason || reason.type ? new CanceledError(null, config, req) : reason);
|
|
3307
3595
|
} catch (err) {
|
|
3308
|
-
|
|
3596
|
+
// ignore emit errors
|
|
3309
3597
|
}
|
|
3310
3598
|
}
|
|
3311
3599
|
function clearConnectPhaseTimer() {
|
|
@@ -3315,10 +3603,11 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3315
3603
|
}
|
|
3316
3604
|
}
|
|
3317
3605
|
function createTimeoutError() {
|
|
3318
|
-
|
|
3319
|
-
|
|
3320
|
-
|
|
3321
|
-
|
|
3606
|
+
const configTimeout = own('timeout');
|
|
3607
|
+
let timeoutErrorMessage = configTimeout ? 'timeout of ' + configTimeout + 'ms exceeded' : 'timeout exceeded';
|
|
3608
|
+
const configTimeoutErrorMessage = own('timeoutErrorMessage');
|
|
3609
|
+
if (configTimeoutErrorMessage) {
|
|
3610
|
+
timeoutErrorMessage = configTimeoutErrorMessage;
|
|
3322
3611
|
}
|
|
3323
3612
|
return new AxiosError(timeoutErrorMessage, transitional.clarifyTimeoutError ? AxiosError.ETIMEDOUT : AxiosError.ECONNABORTED, config, req);
|
|
3324
3613
|
}
|
|
@@ -3361,17 +3650,22 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3361
3650
|
});
|
|
3362
3651
|
|
|
3363
3652
|
// Parse url
|
|
3364
|
-
const fullPath = buildFullPath(
|
|
3365
|
-
|
|
3653
|
+
const fullPath = buildFullPath(own('baseURL'), own('url'), own('allowAbsoluteUrls'), config);
|
|
3654
|
+
// Unix-socket requests (own socketPath) commonly pass a path-only url
|
|
3655
|
+
// like '/foo'; supply a synthetic base so new URL() can still parse it.
|
|
3656
|
+
// Use the own-property value (not config.socketPath) so a polluted
|
|
3657
|
+
// prototype cannot influence URL base selection.
|
|
3658
|
+
const urlBase = socketPath ? 'http://localhost' : platform.hasBrowserEnv ? platform.origin : undefined;
|
|
3659
|
+
const parsed = new URL(fullPath, urlBase);
|
|
3366
3660
|
const protocol = parsed.protocol || supportedProtocols[0];
|
|
3367
3661
|
if (protocol === 'data:') {
|
|
3368
3662
|
// Apply the same semantics as HTTP: only enforce if a finite, non-negative cap is set.
|
|
3369
|
-
if (
|
|
3370
|
-
// Use the exact string passed to fromDataURI (
|
|
3371
|
-
const dataUrl = String(
|
|
3663
|
+
if (maxContentLength > -1) {
|
|
3664
|
+
// Use the exact string passed to fromDataURI (the configured url); fall back to fullPath if needed.
|
|
3665
|
+
const dataUrl = String(own('url') || fullPath || '');
|
|
3372
3666
|
const estimated = estimateDataURLDecodedBytes(dataUrl);
|
|
3373
|
-
if (estimated >
|
|
3374
|
-
return reject(new AxiosError('maxContentLength size of ' +
|
|
3667
|
+
if (estimated > maxContentLength) {
|
|
3668
|
+
return reject(new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config));
|
|
3375
3669
|
}
|
|
3376
3670
|
}
|
|
3377
3671
|
let convertedData;
|
|
@@ -3384,7 +3678,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3384
3678
|
});
|
|
3385
3679
|
}
|
|
3386
3680
|
try {
|
|
3387
|
-
convertedData = fromDataURI(
|
|
3681
|
+
convertedData = fromDataURI(own('url'), responseType === 'blob', {
|
|
3388
3682
|
Blob: config.env && config.env.Blob
|
|
3389
3683
|
});
|
|
3390
3684
|
} catch (err) {
|
|
@@ -3458,7 +3752,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3458
3752
|
|
|
3459
3753
|
// Add Content-Length header if data exists
|
|
3460
3754
|
headers.setContentLength(data.length, false);
|
|
3461
|
-
if (
|
|
3755
|
+
if (maxBodyLength > -1 && data.length > maxBodyLength) {
|
|
3462
3756
|
return reject(new AxiosError('Request body larger than maxBodyLength limit', AxiosError.ERR_BAD_REQUEST, config));
|
|
3463
3757
|
}
|
|
3464
3758
|
}
|
|
@@ -3485,27 +3779,26 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3485
3779
|
let auth = undefined;
|
|
3486
3780
|
const configAuth = own('auth');
|
|
3487
3781
|
if (configAuth) {
|
|
3488
|
-
const username = configAuth
|
|
3489
|
-
const password = configAuth
|
|
3782
|
+
const username = utils$1.getSafeProp(configAuth, 'username') || '';
|
|
3783
|
+
const password = utils$1.getSafeProp(configAuth, 'password') || '';
|
|
3490
3784
|
auth = username + ':' + password;
|
|
3491
3785
|
}
|
|
3492
|
-
if (!auth && parsed.username) {
|
|
3493
|
-
const urlUsername = decodeURIComponentSafe(parsed.username);
|
|
3494
|
-
const urlPassword = decodeURIComponentSafe(parsed.password);
|
|
3786
|
+
if (!auth && (parsed.username || parsed.password)) {
|
|
3787
|
+
const urlUsername = decodeURIComponentSafe$1(parsed.username);
|
|
3788
|
+
const urlPassword = decodeURIComponentSafe$1(parsed.password);
|
|
3495
3789
|
auth = urlUsername + ':' + urlPassword;
|
|
3496
3790
|
}
|
|
3497
3791
|
auth && headers.delete('authorization');
|
|
3498
3792
|
let path$1;
|
|
3499
3793
|
try {
|
|
3500
|
-
path$1 = buildURL(parsed.pathname + parsed.search,
|
|
3794
|
+
path$1 = buildURL(parsed.pathname + parsed.search, own('params'), own('paramsSerializer')).replace(/^\?/, '');
|
|
3501
3795
|
} catch (err) {
|
|
3502
|
-
|
|
3503
|
-
|
|
3504
|
-
|
|
3505
|
-
|
|
3506
|
-
return reject(customErr);
|
|
3796
|
+
return reject(AxiosError.from(err, AxiosError.ERR_BAD_REQUEST, config, null, null, {
|
|
3797
|
+
url: own('url'),
|
|
3798
|
+
exists: true
|
|
3799
|
+
}));
|
|
3507
3800
|
}
|
|
3508
|
-
headers.set('Accept-Encoding',
|
|
3801
|
+
headers.set('Accept-Encoding', utils$1.hasOwnProp(transitional, 'advertiseZstdAcceptEncoding') && transitional.advertiseZstdAcceptEncoding === true ? ACCEPT_ENCODING_WITH_ZSTD : ACCEPT_ENCODING, false);
|
|
3509
3802
|
|
|
3510
3803
|
// Null-prototype to block prototype pollution gadgets on properties read
|
|
3511
3804
|
// directly by Node's http.request (e.g. insecureHTTPParser, lookup).
|
|
@@ -3514,8 +3807,8 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3514
3807
|
method: method,
|
|
3515
3808
|
headers: toByteStringHeaderObject(headers),
|
|
3516
3809
|
agents: {
|
|
3517
|
-
http:
|
|
3518
|
-
https:
|
|
3810
|
+
http: httpAgent,
|
|
3811
|
+
https: httpsAgent
|
|
3519
3812
|
},
|
|
3520
3813
|
auth,
|
|
3521
3814
|
protocol,
|
|
@@ -3527,31 +3820,37 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3527
3820
|
|
|
3528
3821
|
// cacheable-lookup integration hotfix
|
|
3529
3822
|
!utils$1.isUndefined(lookup) && (options.lookup = lookup);
|
|
3530
|
-
if (
|
|
3531
|
-
if (typeof
|
|
3823
|
+
if (socketPath) {
|
|
3824
|
+
if (typeof socketPath !== 'string') {
|
|
3532
3825
|
return reject(new AxiosError('socketPath must be a string', AxiosError.ERR_BAD_OPTION_VALUE, config));
|
|
3533
3826
|
}
|
|
3534
|
-
|
|
3535
|
-
|
|
3536
|
-
const
|
|
3827
|
+
const allowedSocketPaths = own('allowedSocketPaths');
|
|
3828
|
+
if (allowedSocketPaths != null) {
|
|
3829
|
+
const allowed = Array.isArray(allowedSocketPaths) ? allowedSocketPaths : [allowedSocketPaths];
|
|
3830
|
+
const resolvedSocket = path.resolve(socketPath);
|
|
3537
3831
|
const isAllowed = allowed.some(entry => typeof entry === 'string' && path.resolve(entry) === resolvedSocket);
|
|
3538
3832
|
if (!isAllowed) {
|
|
3539
|
-
return reject(new AxiosError(`socketPath "${
|
|
3833
|
+
return reject(new AxiosError(`socketPath "${socketPath}" is not permitted by allowedSocketPaths`, AxiosError.ERR_BAD_OPTION_VALUE, config));
|
|
3540
3834
|
}
|
|
3541
3835
|
}
|
|
3542
|
-
options.socketPath =
|
|
3836
|
+
options.socketPath = socketPath;
|
|
3543
3837
|
} else {
|
|
3544
3838
|
options.hostname = parsed.hostname.startsWith('[') ? parsed.hostname.slice(1, -1) : parsed.hostname;
|
|
3545
3839
|
options.port = parsed.port;
|
|
3546
|
-
setProxy(options,
|
|
3840
|
+
setProxy(options, configProxy, protocol + '//' + parsed.hostname + (parsed.port ? ':' + parsed.port : '') + options.path, false, httpsAgent, httpAgent);
|
|
3547
3841
|
}
|
|
3548
3842
|
let transport;
|
|
3549
3843
|
let isNativeTransport = false;
|
|
3844
|
+
// True only for the follow-redirects transport, which applies
|
|
3845
|
+
// options.maxBodyLength itself. Every other transport (http2, native
|
|
3846
|
+
// http/https, a user-supplied custom transport) needs the explicit
|
|
3847
|
+
// byte-counting pipeline below to enforce maxBodyLength on streamed uploads.
|
|
3848
|
+
let transportEnforcesMaxBodyLength = false;
|
|
3550
3849
|
const isHttpsRequest = isHttps.test(options.protocol);
|
|
3551
3850
|
// Don't clobber a CONNECT-tunneling agent installed by setProxy() for an
|
|
3552
3851
|
// HTTPS target.
|
|
3553
3852
|
if (options.agent == null) {
|
|
3554
|
-
options.agent = isHttpsRequest ?
|
|
3853
|
+
options.agent = isHttpsRequest ? httpsAgent : httpAgent;
|
|
3555
3854
|
}
|
|
3556
3855
|
if (isHttp2) {
|
|
3557
3856
|
transport = http2Transport;
|
|
@@ -3559,24 +3858,67 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3559
3858
|
const configTransport = own('transport');
|
|
3560
3859
|
if (configTransport) {
|
|
3561
3860
|
transport = configTransport;
|
|
3562
|
-
} else if (
|
|
3861
|
+
} else if (maxRedirects === 0) {
|
|
3563
3862
|
transport = isHttpsRequest ? https : http;
|
|
3564
3863
|
isNativeTransport = true;
|
|
3565
3864
|
} else {
|
|
3566
|
-
|
|
3567
|
-
|
|
3865
|
+
transportEnforcesMaxBodyLength = true;
|
|
3866
|
+
options.sensitiveHeaders = [];
|
|
3867
|
+
if (maxRedirects) {
|
|
3868
|
+
options.maxRedirects = maxRedirects;
|
|
3568
3869
|
}
|
|
3569
3870
|
const configBeforeRedirect = own('beforeRedirect');
|
|
3570
3871
|
if (configBeforeRedirect) {
|
|
3571
3872
|
options.beforeRedirects.config = configBeforeRedirect;
|
|
3572
3873
|
}
|
|
3874
|
+
if (auth) {
|
|
3875
|
+
// Restore HTTP Basic credentials on same-origin redirects only.
|
|
3876
|
+
// follow-redirects >= 1.15.8 strips Authorization on every redirect (see #6929);
|
|
3877
|
+
// cross-origin stripping is the documented mitigation for T-R2 in THREATMODEL.md
|
|
3878
|
+
// and is preserved by deliberately not restoring on origin change.
|
|
3879
|
+
const requestOrigin = parsed.origin;
|
|
3880
|
+
const authToRestore = auth;
|
|
3881
|
+
options.beforeRedirects.auth = function beforeRedirectAuth(redirectOptions) {
|
|
3882
|
+
try {
|
|
3883
|
+
if (new URL(redirectOptions.href).origin === requestOrigin) {
|
|
3884
|
+
redirectOptions.auth = authToRestore;
|
|
3885
|
+
}
|
|
3886
|
+
} catch (e) {
|
|
3887
|
+
// ignore malformed URL: leaving auth stripped is fail-safe
|
|
3888
|
+
}
|
|
3889
|
+
};
|
|
3890
|
+
}
|
|
3891
|
+
const sensitiveHeaders = own('sensitiveHeaders');
|
|
3892
|
+
if (sensitiveHeaders != null) {
|
|
3893
|
+
if (!utils$1.isArray(sensitiveHeaders)) {
|
|
3894
|
+
return reject(new AxiosError('sensitiveHeaders must be an array of strings', AxiosError.ERR_BAD_OPTION_VALUE, config));
|
|
3895
|
+
}
|
|
3896
|
+
const sensitiveSet = new Set();
|
|
3897
|
+
for (const header of sensitiveHeaders) {
|
|
3898
|
+
if (!utils$1.isString(header)) {
|
|
3899
|
+
return reject(new AxiosError('sensitiveHeaders must be an array of strings', AxiosError.ERR_BAD_OPTION_VALUE, config));
|
|
3900
|
+
}
|
|
3901
|
+
sensitiveSet.add(header.toLowerCase());
|
|
3902
|
+
}
|
|
3903
|
+
if (sensitiveSet.size) {
|
|
3904
|
+
options.sensitiveHeaders = Array.from(sensitiveSet);
|
|
3905
|
+
options.beforeRedirects.sensitiveHeaders = function beforeRedirectSensitiveHeaders(redirectOptions, requestDetails) {
|
|
3906
|
+
if (!isSameOriginRedirect(redirectOptions, requestDetails)) {
|
|
3907
|
+
stripMatchingHeaders(redirectOptions.headers, sensitiveSet);
|
|
3908
|
+
}
|
|
3909
|
+
};
|
|
3910
|
+
}
|
|
3911
|
+
}
|
|
3573
3912
|
transport = isHttpsRequest ? httpsFollow : httpFollow;
|
|
3574
3913
|
}
|
|
3575
3914
|
}
|
|
3576
|
-
|
|
3577
|
-
|
|
3915
|
+
|
|
3916
|
+
// Set an explicit maxBodyLength option for transports that inspect it.
|
|
3917
|
+
// When maxBodyLength is -1 (default/unlimited), use Infinity so
|
|
3918
|
+
// follow-redirects does not fall back to its own 10MB default.
|
|
3919
|
+
if (maxBodyLength > -1) {
|
|
3920
|
+
options.maxBodyLength = maxBodyLength;
|
|
3578
3921
|
} else {
|
|
3579
|
-
// follow-redirects does not skip comparison, so it should always succeed for axios -1 unlimited
|
|
3580
3922
|
options.maxBodyLength = Infinity;
|
|
3581
3923
|
}
|
|
3582
3924
|
|
|
@@ -3606,7 +3948,7 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3606
3948
|
const lastRequest = res.req || req;
|
|
3607
3949
|
|
|
3608
3950
|
// if decompress disabled we should not decompress
|
|
3609
|
-
if (
|
|
3951
|
+
if (decompress !== false && res.headers['content-encoding']) {
|
|
3610
3952
|
// if no content, but headers still say that it is encoded,
|
|
3611
3953
|
// remove the header not confuse downstream operations
|
|
3612
3954
|
if (method === 'HEAD' || res.statusCode === 204) {
|
|
@@ -3638,6 +3980,13 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3638
3980
|
streams.push(zlib.createBrotliDecompress(brotliOptions));
|
|
3639
3981
|
delete res.headers['content-encoding'];
|
|
3640
3982
|
}
|
|
3983
|
+
break;
|
|
3984
|
+
case 'zstd':
|
|
3985
|
+
if (isZstdSupported) {
|
|
3986
|
+
streams.push(zlib.createZstdDecompress(zstdOptions));
|
|
3987
|
+
delete res.headers['content-encoding'];
|
|
3988
|
+
}
|
|
3989
|
+
break;
|
|
3641
3990
|
}
|
|
3642
3991
|
}
|
|
3643
3992
|
responseStream = streams.length > 1 ? stream.pipeline(streams, utils$1.noop) : streams[0];
|
|
@@ -3651,8 +4000,8 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3651
4000
|
if (responseType === 'stream') {
|
|
3652
4001
|
// Enforce maxContentLength on streamed responses; previously this
|
|
3653
4002
|
// was applied only to buffered responses.
|
|
3654
|
-
if (
|
|
3655
|
-
const limit =
|
|
4003
|
+
if (maxContentLength > -1) {
|
|
4004
|
+
const limit = maxContentLength;
|
|
3656
4005
|
const source = responseStream;
|
|
3657
4006
|
async function* enforceMaxContentLength() {
|
|
3658
4007
|
let totalResponseBytes = 0;
|
|
@@ -3678,11 +4027,11 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3678
4027
|
totalResponseBytes += chunk.length;
|
|
3679
4028
|
|
|
3680
4029
|
// make sure the content length is not over the maxContentLength if specified
|
|
3681
|
-
if (
|
|
4030
|
+
if (maxContentLength > -1 && totalResponseBytes > maxContentLength) {
|
|
3682
4031
|
// stream.destroy() emit aborted event before calling reject() on Node.js v16
|
|
3683
4032
|
rejected = true;
|
|
3684
4033
|
responseStream.destroy();
|
|
3685
|
-
abort(new AxiosError('maxContentLength size of ' +
|
|
4034
|
+
abort(new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config, lastRequest));
|
|
3686
4035
|
}
|
|
3687
4036
|
});
|
|
3688
4037
|
responseStream.on('aborted', function handlerStreamAborted() {
|
|
@@ -3745,7 +4094,11 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3745
4094
|
const boundSockets = new Set();
|
|
3746
4095
|
req.on('socket', function handleRequestSocket(socket) {
|
|
3747
4096
|
// default interval of sending ack packet is 1 minute
|
|
3748
|
-
|
|
4097
|
+
// proxy agents (e.g. agent-base) may return a generic Duplex stream
|
|
4098
|
+
// that doesn't have setKeepAlive, so guard before calling
|
|
4099
|
+
if (typeof socket.setKeepAlive === 'function') {
|
|
4100
|
+
socket.setKeepAlive(true, 1000 * 60);
|
|
4101
|
+
}
|
|
3749
4102
|
|
|
3750
4103
|
// Install a single 'error' listener per socket (not per request) to avoid
|
|
3751
4104
|
// accumulating listeners on pooled keep-alive sockets that get reassigned
|
|
@@ -3775,9 +4128,9 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3775
4128
|
});
|
|
3776
4129
|
|
|
3777
4130
|
// Handle request timeout
|
|
3778
|
-
if (
|
|
4131
|
+
if (own('timeout')) {
|
|
3779
4132
|
// This is forcing a int timeout to avoid problems if the `req` interface doesn't handle other types.
|
|
3780
|
-
const timeout = parseInt(
|
|
4133
|
+
const timeout = parseInt(own('timeout'), 10);
|
|
3781
4134
|
if (Number.isNaN(timeout)) {
|
|
3782
4135
|
abort(new AxiosError('error trying to parse `config.timeout` to int', AxiosError.ERR_BAD_OPTION_VALUE, config, req));
|
|
3783
4136
|
return;
|
|
@@ -3821,12 +4174,13 @@ var httpAdapter = isHttpAdapterSupported && function httpAdapter(config) {
|
|
|
3821
4174
|
}
|
|
3822
4175
|
});
|
|
3823
4176
|
|
|
3824
|
-
// Enforce maxBodyLength for streamed uploads on
|
|
3825
|
-
//
|
|
3826
|
-
//
|
|
4177
|
+
// Enforce maxBodyLength for streamed uploads on every transport that
|
|
4178
|
+
// does not apply options.maxBodyLength itself (native http/https, http2,
|
|
4179
|
+
// and user-supplied custom transports). The follow-redirects transport
|
|
4180
|
+
// enforces it on the redirected HTTP/1 path.
|
|
3827
4181
|
let uploadStream = data;
|
|
3828
|
-
if (
|
|
3829
|
-
const limit =
|
|
4182
|
+
if (maxBodyLength > -1 && !transportEnforcesMaxBodyLength) {
|
|
4183
|
+
const limit = maxBodyLength;
|
|
3830
4184
|
let bytesSent = 0;
|
|
3831
4185
|
uploadStream = stream.pipeline([data, new stream.Transform({
|
|
3832
4186
|
transform(chunk, _enc, cb) {
|
|
@@ -3889,7 +4243,11 @@ var cookies = platform.hasStandardBrowserEnv ?
|
|
|
3889
4243
|
const cookie = cookies[i].replace(/^\s+/, '');
|
|
3890
4244
|
const eq = cookie.indexOf('=');
|
|
3891
4245
|
if (eq !== -1 && cookie.slice(0, eq) === name) {
|
|
3892
|
-
|
|
4246
|
+
try {
|
|
4247
|
+
return decodeURIComponent(cookie.slice(eq + 1));
|
|
4248
|
+
} catch (e) {
|
|
4249
|
+
return cookie.slice(eq + 1);
|
|
4250
|
+
}
|
|
3893
4251
|
}
|
|
3894
4252
|
}
|
|
3895
4253
|
return null;
|
|
@@ -3922,6 +4280,7 @@ const headersToObject = thing => thing instanceof AxiosHeaders ? {
|
|
|
3922
4280
|
*/
|
|
3923
4281
|
function mergeConfig(config1, config2) {
|
|
3924
4282
|
// eslint-disable-next-line no-param-reassign
|
|
4283
|
+
config1 = config1 || {};
|
|
3925
4284
|
config2 = config2 || {};
|
|
3926
4285
|
|
|
3927
4286
|
// Use a null-prototype object so that downstream reads such as `config.auth`
|
|
@@ -3973,6 +4332,23 @@ function mergeConfig(config1, config2) {
|
|
|
3973
4332
|
return getMergedValue(undefined, a);
|
|
3974
4333
|
}
|
|
3975
4334
|
}
|
|
4335
|
+
function getMergedTransitionalOption(prop) {
|
|
4336
|
+
const transitional2 = utils$1.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
|
|
4337
|
+
if (!utils$1.isUndefined(transitional2)) {
|
|
4338
|
+
if (utils$1.isPlainObject(transitional2)) {
|
|
4339
|
+
if (utils$1.hasOwnProp(transitional2, prop)) {
|
|
4340
|
+
return transitional2[prop];
|
|
4341
|
+
}
|
|
4342
|
+
} else {
|
|
4343
|
+
return undefined;
|
|
4344
|
+
}
|
|
4345
|
+
}
|
|
4346
|
+
const transitional1 = utils$1.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
|
|
4347
|
+
if (utils$1.isPlainObject(transitional1) && utils$1.hasOwnProp(transitional1, prop)) {
|
|
4348
|
+
return transitional1[prop];
|
|
4349
|
+
}
|
|
4350
|
+
return undefined;
|
|
4351
|
+
}
|
|
3976
4352
|
|
|
3977
4353
|
// eslint-disable-next-line consistent-return
|
|
3978
4354
|
function mergeDirectKeys(a, b, prop) {
|
|
@@ -4025,6 +4401,13 @@ function mergeConfig(config1, config2) {
|
|
|
4025
4401
|
const configValue = merge(a, b, prop);
|
|
4026
4402
|
utils$1.isUndefined(configValue) && merge !== mergeDirectKeys || (config[prop] = configValue);
|
|
4027
4403
|
});
|
|
4404
|
+
if (utils$1.hasOwnProp(config2, 'validateStatus') && utils$1.isUndefined(config2.validateStatus) && getMergedTransitionalOption('validateStatusUndefinedResolves') === false) {
|
|
4405
|
+
if (utils$1.hasOwnProp(config1, 'validateStatus')) {
|
|
4406
|
+
config.validateStatus = getMergedValue(undefined, config1.validateStatus);
|
|
4407
|
+
} else {
|
|
4408
|
+
delete config.validateStatus;
|
|
4409
|
+
}
|
|
4410
|
+
}
|
|
4028
4411
|
return config;
|
|
4029
4412
|
}
|
|
4030
4413
|
|
|
@@ -4034,7 +4417,7 @@ function setFormDataHeaders(headers, formHeaders, policy) {
|
|
|
4034
4417
|
headers.set(formHeaders);
|
|
4035
4418
|
return;
|
|
4036
4419
|
}
|
|
4037
|
-
Object.entries(formHeaders).forEach(([key, val]) => {
|
|
4420
|
+
Object.entries(formHeaders || {}).forEach(([key, val]) => {
|
|
4038
4421
|
if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) {
|
|
4039
4422
|
headers.set(key, val);
|
|
4040
4423
|
}
|
|
@@ -4049,8 +4432,8 @@ function setFormDataHeaders(headers, formHeaders, policy) {
|
|
|
4049
4432
|
*
|
|
4050
4433
|
* @returns {string} UTF-8 bytes as a Latin-1 string
|
|
4051
4434
|
*/
|
|
4052
|
-
const encodeUTF8 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
|
|
4053
|
-
|
|
4435
|
+
const encodeUTF8$1 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
|
|
4436
|
+
function resolveConfig(config) {
|
|
4054
4437
|
const newConfig = mergeConfig({}, config);
|
|
4055
4438
|
|
|
4056
4439
|
// Read only own properties to prevent prototype pollution gadgets
|
|
@@ -4066,15 +4449,21 @@ var resolveConfig = config => {
|
|
|
4066
4449
|
const allowAbsoluteUrls = own('allowAbsoluteUrls');
|
|
4067
4450
|
const url = own('url');
|
|
4068
4451
|
newConfig.headers = headers = AxiosHeaders.from(headers);
|
|
4069
|
-
newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls),
|
|
4452
|
+
newConfig.url = buildURL(buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig), own('params'), own('paramsSerializer'));
|
|
4070
4453
|
|
|
4071
4454
|
// HTTP basic authentication
|
|
4072
4455
|
if (auth) {
|
|
4073
|
-
|
|
4456
|
+
const username = utils$1.getSafeProp(auth, 'username') || '';
|
|
4457
|
+
const password = utils$1.getSafeProp(auth, 'password') || '';
|
|
4458
|
+
try {
|
|
4459
|
+
headers.set('Authorization', 'Basic ' + btoa(username + ':' + (password ? encodeUTF8$1(password) : '')));
|
|
4460
|
+
} catch (e) {
|
|
4461
|
+
throw AxiosError.from(e, AxiosError.ERR_BAD_OPTION_VALUE, config);
|
|
4462
|
+
}
|
|
4074
4463
|
}
|
|
4075
4464
|
if (utils$1.isFormData(data)) {
|
|
4076
|
-
if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv) {
|
|
4077
|
-
headers.setContentType(undefined); // browser handles it
|
|
4465
|
+
if (platform.hasStandardBrowserEnv || platform.hasStandardBrowserWebWorkerEnv || utils$1.isReactNative(data)) {
|
|
4466
|
+
headers.setContentType(undefined); // browser/web worker/RN handles it
|
|
4078
4467
|
} else if (utils$1.isFunction(data.getHeaders)) {
|
|
4079
4468
|
// Node.js FormData (like form-data package)
|
|
4080
4469
|
setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
|
|
@@ -4102,7 +4491,7 @@ var resolveConfig = config => {
|
|
|
4102
4491
|
}
|
|
4103
4492
|
}
|
|
4104
4493
|
return newConfig;
|
|
4105
|
-
}
|
|
4494
|
+
}
|
|
4106
4495
|
|
|
4107
4496
|
const isXHRAdapterSupported = typeof XMLHttpRequest !== 'undefined';
|
|
4108
4497
|
var xhrAdapter = isXHRAdapterSupported && function (config) {
|
|
@@ -4271,6 +4660,7 @@ var xhrAdapter = isXHRAdapterSupported && function (config) {
|
|
|
4271
4660
|
const protocol = parseProtocol(_config.url);
|
|
4272
4661
|
if (protocol && !platform.protocols.includes(protocol)) {
|
|
4273
4662
|
reject(new AxiosError('Unsupported protocol ' + protocol + ':', AxiosError.ERR_BAD_REQUEST, config));
|
|
4663
|
+
done();
|
|
4274
4664
|
return;
|
|
4275
4665
|
}
|
|
4276
4666
|
|
|
@@ -4309,7 +4699,9 @@ const composeSignals = (signals, timeout) => {
|
|
|
4309
4699
|
});
|
|
4310
4700
|
signals = null;
|
|
4311
4701
|
};
|
|
4312
|
-
signals.forEach(signal => signal.addEventListener('abort', onabort
|
|
4702
|
+
signals.forEach(signal => signal.addEventListener('abort', onabort, {
|
|
4703
|
+
once: true
|
|
4704
|
+
}));
|
|
4313
4705
|
const {
|
|
4314
4706
|
signal
|
|
4315
4707
|
} = controller;
|
|
@@ -4403,6 +4795,31 @@ const DEFAULT_CHUNK_SIZE = 64 * 1024;
|
|
|
4403
4795
|
const {
|
|
4404
4796
|
isFunction
|
|
4405
4797
|
} = utils$1;
|
|
4798
|
+
|
|
4799
|
+
/**
|
|
4800
|
+
* Encode a UTF-8 string to a Latin-1 byte string for use with btoa().
|
|
4801
|
+
* This is a modern replacement for the deprecated unescape(encodeURIComponent(str)) pattern.
|
|
4802
|
+
*
|
|
4803
|
+
* @param {string} str The string to encode
|
|
4804
|
+
*
|
|
4805
|
+
* @returns {string} UTF-8 bytes as a Latin-1 string
|
|
4806
|
+
*/
|
|
4807
|
+
const encodeUTF8 = str => encodeURIComponent(str).replace(/%([0-9A-F]{2})/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
|
|
4808
|
+
|
|
4809
|
+
// Node's WHATWG URL parser returns `username` and `password` percent-encoded.
|
|
4810
|
+
// Decode before composing the `auth` option so credentials such as
|
|
4811
|
+
// `my%40email.com:pass` are sent as `my@email.com:pass`. Falls back to the
|
|
4812
|
+
// original value for malformed input so a bad encoding never throws.
|
|
4813
|
+
const decodeURIComponentSafe = value => {
|
|
4814
|
+
if (!utils$1.isString(value)) {
|
|
4815
|
+
return value;
|
|
4816
|
+
}
|
|
4817
|
+
try {
|
|
4818
|
+
return decodeURIComponent(value);
|
|
4819
|
+
} catch (error) {
|
|
4820
|
+
return value;
|
|
4821
|
+
}
|
|
4822
|
+
};
|
|
4406
4823
|
const test = (fn, ...args) => {
|
|
4407
4824
|
try {
|
|
4408
4825
|
return !!fn(...args);
|
|
@@ -4410,6 +4827,14 @@ const test = (fn, ...args) => {
|
|
|
4410
4827
|
return false;
|
|
4411
4828
|
}
|
|
4412
4829
|
};
|
|
4830
|
+
const maybeWithAuthCredentials = url => {
|
|
4831
|
+
const protocolIndex = url.indexOf('://');
|
|
4832
|
+
let urlToCheck = url;
|
|
4833
|
+
if (protocolIndex !== -1) {
|
|
4834
|
+
urlToCheck = urlToCheck.slice(protocolIndex + 3);
|
|
4835
|
+
}
|
|
4836
|
+
return urlToCheck.includes('@') || urlToCheck.includes(':');
|
|
4837
|
+
};
|
|
4413
4838
|
const factory = env => {
|
|
4414
4839
|
const globalObject = utils$1.global !== undefined && utils$1.global !== null ? utils$1.global : globalThis;
|
|
4415
4840
|
const {
|
|
@@ -4513,6 +4938,7 @@ const factory = env => {
|
|
|
4513
4938
|
} = resolveConfig(config);
|
|
4514
4939
|
const hasMaxContentLength = utils$1.isNumber(maxContentLength) && maxContentLength > -1;
|
|
4515
4940
|
const hasMaxBodyLength = utils$1.isNumber(maxBodyLength) && maxBodyLength > -1;
|
|
4941
|
+
const own = key => utils$1.hasOwnProp(config, key) ? config[key] : undefined;
|
|
4516
4942
|
let _fetch = envFetch || fetch;
|
|
4517
4943
|
responseType = responseType ? (responseType + '').toLowerCase() : 'text';
|
|
4518
4944
|
let composedSignal = composeSignals([signal, cancelToken && cancelToken.toAbortSignal()], timeout);
|
|
@@ -4521,7 +4947,46 @@ const factory = env => {
|
|
|
4521
4947
|
composedSignal.unsubscribe();
|
|
4522
4948
|
});
|
|
4523
4949
|
let requestContentLength;
|
|
4950
|
+
|
|
4951
|
+
// AxiosError we raise while the request body is being streamed. Captured
|
|
4952
|
+
// by identity so the catch block can surface it directly, regardless of
|
|
4953
|
+
// how the runtime wraps the resulting fetch rejection (undici exposes it
|
|
4954
|
+
// as `err.cause`; some browsers drop the original error entirely).
|
|
4955
|
+
let pendingBodyError = null;
|
|
4956
|
+
const maxBodyLengthError = () => new AxiosError('Request body larger than maxBodyLength limit', AxiosError.ERR_BAD_REQUEST, config, request);
|
|
4524
4957
|
try {
|
|
4958
|
+
// HTTP basic authentication
|
|
4959
|
+
let auth = undefined;
|
|
4960
|
+
const configAuth = own('auth');
|
|
4961
|
+
if (configAuth) {
|
|
4962
|
+
const username = utils$1.getSafeProp(configAuth, 'username') || '';
|
|
4963
|
+
const password = utils$1.getSafeProp(configAuth, 'password') || '';
|
|
4964
|
+
auth = {
|
|
4965
|
+
username,
|
|
4966
|
+
password
|
|
4967
|
+
};
|
|
4968
|
+
}
|
|
4969
|
+
if (maybeWithAuthCredentials(url)) {
|
|
4970
|
+
const parsedURL = new URL(url, platform.origin);
|
|
4971
|
+
if (!auth && (parsedURL.username || parsedURL.password)) {
|
|
4972
|
+
const urlUsername = decodeURIComponentSafe(parsedURL.username);
|
|
4973
|
+
const urlPassword = decodeURIComponentSafe(parsedURL.password);
|
|
4974
|
+
auth = {
|
|
4975
|
+
username: urlUsername,
|
|
4976
|
+
password: urlPassword
|
|
4977
|
+
};
|
|
4978
|
+
}
|
|
4979
|
+
if (parsedURL.username || parsedURL.password) {
|
|
4980
|
+
parsedURL.username = '';
|
|
4981
|
+
parsedURL.password = '';
|
|
4982
|
+
url = parsedURL.href;
|
|
4983
|
+
}
|
|
4984
|
+
}
|
|
4985
|
+
if (auth) {
|
|
4986
|
+
headers.delete('authorization');
|
|
4987
|
+
headers.set('Authorization', 'Basic ' + btoa(encodeUTF8((auth.username || '') + ':' + (auth.password || ''))));
|
|
4988
|
+
}
|
|
4989
|
+
|
|
4525
4990
|
// Enforce maxContentLength for data: URLs up-front so we never materialize
|
|
4526
4991
|
// an oversized payload. The HTTP adapter applies the same check (see http.js
|
|
4527
4992
|
// "if (protocol === 'data:')" branch).
|
|
@@ -4532,30 +4997,54 @@ const factory = env => {
|
|
|
4532
4997
|
}
|
|
4533
4998
|
}
|
|
4534
4999
|
|
|
4535
|
-
// Enforce maxBodyLength against
|
|
4536
|
-
//
|
|
4537
|
-
//
|
|
4538
|
-
//
|
|
5000
|
+
// Enforce maxBodyLength against known-size bodies before dispatch using
|
|
5001
|
+
// the body's *actual* size — never a caller-declared Content-Length,
|
|
5002
|
+
// which could under-report to slip an oversized body past the check.
|
|
5003
|
+
// Unknown-size streams return undefined here and are counted per-chunk
|
|
5004
|
+
// below as fetch consumes them.
|
|
4539
5005
|
if (hasMaxBodyLength && method !== 'get' && method !== 'head') {
|
|
4540
|
-
const outboundLength = await
|
|
4541
|
-
if (typeof outboundLength === 'number' && isFinite(outboundLength)
|
|
4542
|
-
|
|
5006
|
+
const outboundLength = await getBodyLength(data);
|
|
5007
|
+
if (typeof outboundLength === 'number' && isFinite(outboundLength)) {
|
|
5008
|
+
requestContentLength = outboundLength;
|
|
5009
|
+
if (outboundLength > maxBodyLength) {
|
|
5010
|
+
throw maxBodyLengthError();
|
|
5011
|
+
}
|
|
4543
5012
|
}
|
|
4544
5013
|
}
|
|
4545
|
-
|
|
4546
|
-
|
|
4547
|
-
|
|
4548
|
-
|
|
4549
|
-
|
|
4550
|
-
|
|
4551
|
-
|
|
4552
|
-
if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
|
|
4553
|
-
headers.setContentType(contentTypeHeader);
|
|
5014
|
+
|
|
5015
|
+
// A streamed body under maxBodyLength must be counted as fetch consumes
|
|
5016
|
+
// it; its size is never trusted from a caller-declared Content-Length.
|
|
5017
|
+
const mustEnforceStreamBody = hasMaxBodyLength && (utils$1.isReadableStream(data) || utils$1.isStream(data));
|
|
5018
|
+
const trackRequestStream = (stream, onProgress, flush) => trackStream(stream, DEFAULT_CHUNK_SIZE, loadedBytes => {
|
|
5019
|
+
if (hasMaxBodyLength && loadedBytes > maxBodyLength) {
|
|
5020
|
+
throw pendingBodyError = maxBodyLengthError();
|
|
4554
5021
|
}
|
|
4555
|
-
|
|
4556
|
-
|
|
4557
|
-
|
|
5022
|
+
onProgress && onProgress(loadedBytes);
|
|
5023
|
+
}, flush);
|
|
5024
|
+
if (supportsRequestStream && method !== 'get' && method !== 'head' && (onUploadProgress || mustEnforceStreamBody)) {
|
|
5025
|
+
requestContentLength = requestContentLength == null ? await resolveBodyLength(headers, data) : requestContentLength;
|
|
5026
|
+
|
|
5027
|
+
// A declared length of 0 is only trusted to skip the wrap when we are
|
|
5028
|
+
// not enforcing a stream limit (which must not rely on that header).
|
|
5029
|
+
if (requestContentLength !== 0 || mustEnforceStreamBody) {
|
|
5030
|
+
let _request = new Request(url, {
|
|
5031
|
+
method: 'POST',
|
|
5032
|
+
body: data,
|
|
5033
|
+
duplex: 'half'
|
|
5034
|
+
});
|
|
5035
|
+
let contentTypeHeader;
|
|
5036
|
+
if (utils$1.isFormData(data) && (contentTypeHeader = _request.headers.get('content-type'))) {
|
|
5037
|
+
headers.setContentType(contentTypeHeader);
|
|
5038
|
+
}
|
|
5039
|
+
if (_request.body) {
|
|
5040
|
+
const [onProgress, flush] = onUploadProgress && progressEventDecorator(requestContentLength, progressEventReducer(asyncDecorator(onUploadProgress))) || [];
|
|
5041
|
+
data = trackRequestStream(_request.body, onProgress, flush);
|
|
5042
|
+
}
|
|
4558
5043
|
}
|
|
5044
|
+
} else if (mustEnforceStreamBody && !isRequestSupported && isReadableStreamSupported && method !== 'get' && method !== 'head') {
|
|
5045
|
+
data = trackRequestStream(data);
|
|
5046
|
+
} else if (mustEnforceStreamBody && isRequestSupported && !supportsRequestStream && method !== 'get' && method !== 'head') {
|
|
5047
|
+
throw new AxiosError('Stream request bodies are not supported by the current fetch implementation', AxiosError.ERR_NOT_SUPPORT, config, request);
|
|
4559
5048
|
}
|
|
4560
5049
|
if (!utils$1.isString(withCredentials)) {
|
|
4561
5050
|
withCredentials = withCredentials ? 'include' : 'omit';
|
|
@@ -4587,11 +5076,12 @@ const factory = env => {
|
|
|
4587
5076
|
};
|
|
4588
5077
|
request = isRequestSupported && new Request(url, resolvedOptions);
|
|
4589
5078
|
let response = await (isRequestSupported ? _fetch(request, fetchOptions) : _fetch(url, resolvedOptions));
|
|
5079
|
+
const responseHeaders = AxiosHeaders.from(response.headers);
|
|
4590
5080
|
|
|
4591
5081
|
// Cheap pre-check: if the server honestly declares a content-length that
|
|
4592
5082
|
// already exceeds the cap, reject before we start streaming.
|
|
4593
5083
|
if (hasMaxContentLength) {
|
|
4594
|
-
const declaredLength = utils$1.toFiniteNumber(
|
|
5084
|
+
const declaredLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
|
|
4595
5085
|
if (declaredLength != null && declaredLength > maxContentLength) {
|
|
4596
5086
|
throw new AxiosError('maxContentLength size of ' + maxContentLength + ' exceeded', AxiosError.ERR_BAD_RESPONSE, config, request);
|
|
4597
5087
|
}
|
|
@@ -4602,7 +5092,7 @@ const factory = env => {
|
|
|
4602
5092
|
['status', 'statusText', 'headers'].forEach(prop => {
|
|
4603
5093
|
options[prop] = response[prop];
|
|
4604
5094
|
});
|
|
4605
|
-
const responseContentLength = utils$1.toFiniteNumber(
|
|
5095
|
+
const responseContentLength = utils$1.toFiniteNumber(responseHeaders.getContentLength());
|
|
4606
5096
|
const [onProgress, flush] = onDownloadProgress && progressEventDecorator(responseContentLength, progressEventReducer(asyncDecorator(onDownloadProgress), true)) || [];
|
|
4607
5097
|
let bytesRead = 0;
|
|
4608
5098
|
const onChunkProgress = loadedBytes => {
|
|
@@ -4661,13 +5151,48 @@ const factory = env => {
|
|
|
4661
5151
|
const canceledError = composedSignal.reason;
|
|
4662
5152
|
canceledError.config = config;
|
|
4663
5153
|
request && (canceledError.request = request);
|
|
4664
|
-
err !== canceledError
|
|
5154
|
+
if (err !== canceledError) {
|
|
5155
|
+
// Non-enumerable to match native Error `cause` semantics so loggers
|
|
5156
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
5157
|
+
Object.defineProperty(canceledError, 'cause', {
|
|
5158
|
+
__proto__: null,
|
|
5159
|
+
value: err,
|
|
5160
|
+
writable: true,
|
|
5161
|
+
enumerable: false,
|
|
5162
|
+
configurable: true
|
|
5163
|
+
});
|
|
5164
|
+
}
|
|
4665
5165
|
throw canceledError;
|
|
4666
5166
|
}
|
|
5167
|
+
|
|
5168
|
+
// Surface a maxBodyLength violation we raised while the request body was
|
|
5169
|
+
// being streamed. Matching by identity (rather than reading
|
|
5170
|
+
// `err.cause.isAxiosError`) keeps the error deterministic across runtimes
|
|
5171
|
+
// and avoids both prototype-pollution reads and mis-attributing a foreign
|
|
5172
|
+
// AxiosError that merely happened to land in `err.cause`.
|
|
5173
|
+
if (pendingBodyError) {
|
|
5174
|
+
request && !pendingBodyError.request && (pendingBodyError.request = request);
|
|
5175
|
+
throw pendingBodyError;
|
|
5176
|
+
}
|
|
5177
|
+
|
|
5178
|
+
// Re-throw AxiosErrors we raised synchronously (data: URL / content-length
|
|
5179
|
+
// pre-checks, response size enforcement) without re-wrapping them.
|
|
5180
|
+
if (err instanceof AxiosError) {
|
|
5181
|
+
request && !err.request && (err.request = request);
|
|
5182
|
+
throw err;
|
|
5183
|
+
}
|
|
4667
5184
|
if (err && err.name === 'TypeError' && /Load failed|fetch/i.test(err.message)) {
|
|
4668
|
-
|
|
4669
|
-
|
|
5185
|
+
const networkError = new AxiosError('Network Error', AxiosError.ERR_NETWORK, config, request, err && err.response);
|
|
5186
|
+
// Non-enumerable to match native Error `cause` semantics so loggers
|
|
5187
|
+
// don't recurse into circular fetch internals (see #7205).
|
|
5188
|
+
Object.defineProperty(networkError, 'cause', {
|
|
5189
|
+
__proto__: null,
|
|
5190
|
+
value: err.cause || err,
|
|
5191
|
+
writable: true,
|
|
5192
|
+
enumerable: false,
|
|
5193
|
+
configurable: true
|
|
4670
5194
|
});
|
|
5195
|
+
throw networkError;
|
|
4671
5196
|
}
|
|
4672
5197
|
throw AxiosError.from(err, err && err.code, config, request, err && err.response);
|
|
4673
5198
|
}
|
|
@@ -4786,7 +5311,7 @@ function getAdapter(adapters, config) {
|
|
|
4786
5311
|
if (!adapter) {
|
|
4787
5312
|
const reasons = Object.entries(rejectedReasons).map(([id, state]) => `adapter ${id} ` + (state === false ? 'is not supported by the environment' : 'is not available in the build'));
|
|
4788
5313
|
let s = length ? reasons.length > 1 ? 'since :\n' + reasons.map(renderReason).join('\n') : ' ' + renderReason(reasons[0]) : 'as no adapter specified';
|
|
4789
|
-
throw new AxiosError(`There is no suitable adapter to dispatch the request ` + s,
|
|
5314
|
+
throw new AxiosError(`There is no suitable adapter to dispatch the request ` + s, AxiosError.ERR_NOT_SUPPORT);
|
|
4790
5315
|
}
|
|
4791
5316
|
return adapter;
|
|
4792
5317
|
}
|
|
@@ -4929,7 +5454,7 @@ validators$1.spelling = function spelling(correctSpelling) {
|
|
|
4929
5454
|
*/
|
|
4930
5455
|
|
|
4931
5456
|
function assertOptions(options, schema, allowUnknown) {
|
|
4932
|
-
if (typeof options !== 'object') {
|
|
5457
|
+
if (typeof options !== 'object' || options === null) {
|
|
4933
5458
|
throw new AxiosError('options must be an object', AxiosError.ERR_BAD_OPTION_VALUE);
|
|
4934
5459
|
}
|
|
4935
5460
|
const keys = Object.keys(options);
|
|
@@ -5038,7 +5563,9 @@ class Axios {
|
|
|
5038
5563
|
silentJSONParsing: validators.transitional(validators.boolean),
|
|
5039
5564
|
forcedJSONParsing: validators.transitional(validators.boolean),
|
|
5040
5565
|
clarifyTimeoutError: validators.transitional(validators.boolean),
|
|
5041
|
-
legacyInterceptorReqResOrdering: validators.transitional(validators.boolean)
|
|
5566
|
+
legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
|
|
5567
|
+
advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
|
|
5568
|
+
validateStatusUndefinedResolves: validators.transitional(validators.boolean)
|
|
5042
5569
|
}, false);
|
|
5043
5570
|
}
|
|
5044
5571
|
if (paramsSerializer != null) {
|
|
@@ -5135,7 +5662,7 @@ class Axios {
|
|
|
5135
5662
|
}
|
|
5136
5663
|
getUri(config) {
|
|
5137
5664
|
config = mergeConfig(this.defaults, config);
|
|
5138
|
-
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
|
|
5665
|
+
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
|
|
5139
5666
|
return buildURL(fullPath, config.params, config.paramsSerializer);
|
|
5140
5667
|
}
|
|
5141
5668
|
}
|
|
@@ -5147,7 +5674,7 @@ utils$1.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoDa
|
|
|
5147
5674
|
return this.request(mergeConfig(config || {}, {
|
|
5148
5675
|
method,
|
|
5149
5676
|
url,
|
|
5150
|
-
data: (config
|
|
5677
|
+
data: config && utils$1.hasOwnProp(config, 'data') ? config.data : undefined
|
|
5151
5678
|
}));
|
|
5152
5679
|
};
|
|
5153
5680
|
});
|