reflex-search 1.5.2 → 1.5.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/.package-lock.json +15 -15
- package/node_modules/axios/CHANGELOG.md +126 -1
- package/node_modules/axios/README.md +390 -257
- package/node_modules/axios/dist/axios.js +511 -154
- package/node_modules/axios/dist/axios.min.js +3 -3
- package/node_modules/axios/dist/axios.min.js.map +1 -1
- package/node_modules/axios/dist/browser/axios.cjs +537 -124
- package/node_modules/axios/dist/esm/axios.js +537 -124
- package/node_modules/axios/dist/esm/axios.min.js +2 -2
- package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
- package/node_modules/axios/dist/node/axios.cjs +753 -226
- package/node_modules/axios/index.d.cts +27 -4
- package/node_modules/axios/index.d.ts +23 -2
- package/node_modules/axios/lib/adapters/adapters.js +1 -1
- package/node_modules/axios/lib/adapters/fetch.js +217 -47
- package/node_modules/axios/lib/adapters/http.js +274 -169
- package/node_modules/axios/lib/adapters/xhr.js +1 -0
- package/node_modules/axios/lib/core/Axios.js +4 -2
- package/node_modules/axios/lib/core/AxiosError.js +13 -1
- package/node_modules/axios/lib/core/AxiosHeaders.js +12 -9
- package/node_modules/axios/lib/core/buildFullPath.js +29 -1
- package/node_modules/axios/lib/core/mergeConfig.js +35 -0
- package/node_modules/axios/lib/defaults/transitional.js +2 -0
- package/node_modules/axios/lib/env/data.js +1 -1
- package/node_modules/axios/lib/helpers/AxiosURLSearchParams.js +1 -3
- package/node_modules/axios/lib/helpers/Http2Sessions.js +119 -0
- package/node_modules/axios/lib/helpers/buildURL.js +7 -4
- package/node_modules/axios/lib/helpers/composeSignals.js +1 -1
- package/node_modules/axios/lib/helpers/cookies.js +5 -1
- package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
- package/node_modules/axios/lib/helpers/formDataToJSON.js +25 -3
- package/node_modules/axios/lib/helpers/formDataToStream.js +2 -2
- package/node_modules/axios/lib/helpers/fromDataURI.js +4 -2
- package/node_modules/axios/lib/helpers/resolveConfig.js +26 -13
- package/node_modules/axios/lib/helpers/shouldBypassProxy.js +33 -1
- package/node_modules/axios/lib/helpers/toFormData.js +48 -12
- package/node_modules/axios/lib/helpers/validator.js +1 -1
- package/node_modules/axios/lib/utils.js +97 -12
- package/node_modules/axios/package.json +29 -13
- package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
- package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
- package/node_modules/brace-expansion/dist/esm/index.js +24 -14
- package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
- package/node_modules/brace-expansion/package.json +2 -2
- package/node_modules/form-data/CHANGELOG.md +29 -2
- package/node_modules/form-data/README.md +4 -4
- package/node_modules/form-data/lib/form_data.js +14 -2
- package/node_modules/form-data/package.json +7 -7
- package/node_modules/hasown/CHANGELOG.md +18 -0
- package/node_modules/hasown/eslint.config.mjs +6 -0
- package/node_modules/hasown/package.json +13 -14
- package/npm-shrinkwrap.json +16 -16
- package/package.json +2 -2
- package/node_modules/axios/dist/axios.js.map +0 -1
- package/node_modules/axios/dist/browser/axios.cjs.map +0 -1
- package/node_modules/axios/dist/esm/axios.js.map +0 -1
- package/node_modules/axios/dist/node/axios.cjs.map +0 -1
- package/node_modules/hasown/.eslintrc +0 -5
|
@@ -101,6 +101,8 @@ class Axios {
|
|
|
101
101
|
forcedJSONParsing: validators.transitional(validators.boolean),
|
|
102
102
|
clarifyTimeoutError: validators.transitional(validators.boolean),
|
|
103
103
|
legacyInterceptorReqResOrdering: validators.transitional(validators.boolean),
|
|
104
|
+
advertiseZstdAcceptEncoding: validators.transitional(validators.boolean),
|
|
105
|
+
validateStatusUndefinedResolves: validators.transitional(validators.boolean),
|
|
104
106
|
},
|
|
105
107
|
false
|
|
106
108
|
);
|
|
@@ -232,7 +234,7 @@ class Axios {
|
|
|
232
234
|
|
|
233
235
|
getUri(config) {
|
|
234
236
|
config = mergeConfig(this.defaults, config);
|
|
235
|
-
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls);
|
|
237
|
+
const fullPath = buildFullPath(config.baseURL, config.url, config.allowAbsoluteUrls, config);
|
|
236
238
|
return buildURL(fullPath, config.params, config.paramsSerializer);
|
|
237
239
|
}
|
|
238
240
|
}
|
|
@@ -245,7 +247,7 @@ utils.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoData
|
|
|
245
247
|
mergeConfig(config || {}, {
|
|
246
248
|
method,
|
|
247
249
|
url,
|
|
248
|
-
data: (config
|
|
250
|
+
data: config && utils.hasOwnProp(config, 'data') ? config.data : undefined,
|
|
249
251
|
})
|
|
250
252
|
);
|
|
251
253
|
};
|
|
@@ -75,7 +75,19 @@ function redactConfig(config, redactKeys) {
|
|
|
75
75
|
class AxiosError extends Error {
|
|
76
76
|
static from(error, code, config, request, response, customProps) {
|
|
77
77
|
const axiosError = new AxiosError(error.message, code || error.code, config, request, response);
|
|
78
|
-
|
|
78
|
+
// Match native `Error` `cause` semantics: non-enumerable. The wrapped
|
|
79
|
+
// error often carries circular internals (sockets, requests, agents), so
|
|
80
|
+
// an enumerable `cause` makes structured loggers (pino/winston) and any
|
|
81
|
+
// own-property walk throw "Converting circular structure to JSON".
|
|
82
|
+
// Regression from #6982; see #7205. `__proto__: null` mirrors the
|
|
83
|
+
// `message` descriptor below (prototype-pollution-safe descriptor).
|
|
84
|
+
Object.defineProperty(axiosError, 'cause', {
|
|
85
|
+
__proto__: null,
|
|
86
|
+
value: error,
|
|
87
|
+
writable: true,
|
|
88
|
+
enumerable: false,
|
|
89
|
+
configurable: true,
|
|
90
|
+
});
|
|
79
91
|
axiosError.name = error.name;
|
|
80
92
|
|
|
81
93
|
// Preserve status from the original error if not already set from response
|
|
@@ -89,7 +89,7 @@ class AxiosHeaders {
|
|
|
89
89
|
const lHeader = normalizeHeader(_header);
|
|
90
90
|
|
|
91
91
|
if (!lHeader) {
|
|
92
|
-
|
|
92
|
+
return;
|
|
93
93
|
}
|
|
94
94
|
|
|
95
95
|
const key = utils.findKey(self, lHeader);
|
|
@@ -111,20 +111,23 @@ class AxiosHeaders {
|
|
|
111
111
|
setHeaders(header, valueOrRewrite);
|
|
112
112
|
} else if (utils.isString(header) && (header = header.trim()) && !isValidHeaderName(header)) {
|
|
113
113
|
setHeaders(parseHeaders(header), valueOrRewrite);
|
|
114
|
-
} else if (utils.isObject(header) && utils.
|
|
115
|
-
let obj =
|
|
114
|
+
} else if (utils.isObject(header) && utils.isSafeIterable(header)) {
|
|
115
|
+
let obj = Object.create(null),
|
|
116
116
|
dest,
|
|
117
117
|
key;
|
|
118
118
|
for (const entry of header) {
|
|
119
119
|
if (!utils.isArray(entry)) {
|
|
120
|
-
throw TypeError('Object iterator must return a key-value pair');
|
|
120
|
+
throw new TypeError('Object iterator must return a key-value pair');
|
|
121
121
|
}
|
|
122
122
|
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
: entry[1];
|
|
123
|
+
key = entry[0];
|
|
124
|
+
|
|
125
|
+
if (utils.hasOwnProp(obj, key)) {
|
|
126
|
+
dest = obj[key];
|
|
127
|
+
obj[key] = utils.isArray(dest) ? [...dest, entry[1]] : [dest, entry[1]];
|
|
128
|
+
} else {
|
|
129
|
+
obj[key] = entry[1];
|
|
130
|
+
}
|
|
128
131
|
}
|
|
129
132
|
|
|
130
133
|
setHeaders(obj, valueOrRewrite);
|
|
@@ -1,8 +1,34 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
+
import AxiosError from './AxiosError.js';
|
|
3
4
|
import isAbsoluteURL from '../helpers/isAbsoluteURL.js';
|
|
4
5
|
import combineURLs from '../helpers/combineURLs.js';
|
|
5
6
|
|
|
7
|
+
const malformedHttpProtocol = /^https?:(?!\/\/)/i;
|
|
8
|
+
const httpProtocolControlCharacters = /[\t\n\r]/g;
|
|
9
|
+
|
|
10
|
+
function stripLeadingC0ControlOrSpace(url) {
|
|
11
|
+
let i = 0;
|
|
12
|
+
while (i < url.length && url.charCodeAt(i) <= 0x20) {
|
|
13
|
+
i++;
|
|
14
|
+
}
|
|
15
|
+
return url.slice(i);
|
|
16
|
+
}
|
|
17
|
+
|
|
18
|
+
function normalizeURLForProtocolCheck(url) {
|
|
19
|
+
return stripLeadingC0ControlOrSpace(url).replace(httpProtocolControlCharacters, '');
|
|
20
|
+
}
|
|
21
|
+
|
|
22
|
+
function assertValidHttpProtocolURL(url, config) {
|
|
23
|
+
if (typeof url === 'string' && malformedHttpProtocol.test(normalizeURLForProtocolCheck(url))) {
|
|
24
|
+
throw new AxiosError(
|
|
25
|
+
'Invalid URL: missing "//" after protocol',
|
|
26
|
+
AxiosError.ERR_INVALID_URL,
|
|
27
|
+
config
|
|
28
|
+
);
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
|
|
6
32
|
/**
|
|
7
33
|
* Creates a new URL by combining the baseURL with the requestedURL,
|
|
8
34
|
* only when the requestedURL is not already an absolute URL.
|
|
@@ -13,9 +39,11 @@ import combineURLs from '../helpers/combineURLs.js';
|
|
|
13
39
|
*
|
|
14
40
|
* @returns {string} The combined full path
|
|
15
41
|
*/
|
|
16
|
-
export default function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
|
|
42
|
+
export default function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls, config) {
|
|
43
|
+
assertValidHttpProtocolURL(requestedURL, config);
|
|
17
44
|
let isRelativeUrl = !isAbsoluteURL(requestedURL);
|
|
18
45
|
if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
|
|
46
|
+
assertValidHttpProtocolURL(baseURL, config);
|
|
19
47
|
return combineURLs(baseURL, requestedURL);
|
|
20
48
|
}
|
|
21
49
|
return requestedURL;
|
|
@@ -16,6 +16,7 @@ const headersToObject = (thing) => (thing instanceof AxiosHeaders ? { ...thing }
|
|
|
16
16
|
*/
|
|
17
17
|
export default function mergeConfig(config1, config2) {
|
|
18
18
|
// eslint-disable-next-line no-param-reassign
|
|
19
|
+
config1 = config1 || {};
|
|
19
20
|
config2 = config2 || {};
|
|
20
21
|
|
|
21
22
|
// Use a null-prototype object so that downstream reads such as `config.auth`
|
|
@@ -68,6 +69,28 @@ export default function mergeConfig(config1, config2) {
|
|
|
68
69
|
}
|
|
69
70
|
}
|
|
70
71
|
|
|
72
|
+
function getMergedTransitionalOption(prop) {
|
|
73
|
+
const transitional2 = utils.hasOwnProp(config2, 'transitional') ? config2.transitional : undefined;
|
|
74
|
+
|
|
75
|
+
if (!utils.isUndefined(transitional2)) {
|
|
76
|
+
if (utils.isPlainObject(transitional2)) {
|
|
77
|
+
if (utils.hasOwnProp(transitional2, prop)) {
|
|
78
|
+
return transitional2[prop];
|
|
79
|
+
}
|
|
80
|
+
} else {
|
|
81
|
+
return undefined;
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
const transitional1 = utils.hasOwnProp(config1, 'transitional') ? config1.transitional : undefined;
|
|
86
|
+
|
|
87
|
+
if (utils.isPlainObject(transitional1) && utils.hasOwnProp(transitional1, prop)) {
|
|
88
|
+
return transitional1[prop];
|
|
89
|
+
}
|
|
90
|
+
|
|
91
|
+
return undefined;
|
|
92
|
+
}
|
|
93
|
+
|
|
71
94
|
// eslint-disable-next-line consistent-return
|
|
72
95
|
function mergeDirectKeys(a, b, prop) {
|
|
73
96
|
if (utils.hasOwnProp(config2, prop)) {
|
|
@@ -120,5 +143,17 @@ export default function mergeConfig(config1, config2) {
|
|
|
120
143
|
(utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
|
|
121
144
|
});
|
|
122
145
|
|
|
146
|
+
if (
|
|
147
|
+
utils.hasOwnProp(config2, 'validateStatus') &&
|
|
148
|
+
utils.isUndefined(config2.validateStatus) &&
|
|
149
|
+
getMergedTransitionalOption('validateStatusUndefinedResolves') === false
|
|
150
|
+
) {
|
|
151
|
+
if (utils.hasOwnProp(config1, 'validateStatus')) {
|
|
152
|
+
config.validateStatus = getMergedValue(undefined, config1.validateStatus);
|
|
153
|
+
} else {
|
|
154
|
+
delete config.validateStatus;
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
|
|
123
158
|
return config;
|
|
124
159
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
export const VERSION = "1.
|
|
1
|
+
export const VERSION = "1.18.1";
|
|
@@ -46,9 +46,7 @@ prototype.append = function append(name, value) {
|
|
|
46
46
|
|
|
47
47
|
prototype.toString = function toString(encoder) {
|
|
48
48
|
const _encode = encoder
|
|
49
|
-
?
|
|
50
|
-
return encoder.call(this, value, encode);
|
|
51
|
-
}
|
|
49
|
+
? (value) => encoder.call(this, value, encode)
|
|
52
50
|
: encode;
|
|
53
51
|
|
|
54
52
|
return this._pairs
|
|
@@ -0,0 +1,119 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
// Node-only: relies on the built-in `http2` module. Browser/react-native
|
|
4
|
+
// builds replace `lib/adapters/http.js` (the sole importer) with `lib/helpers/null.js`
|
|
5
|
+
// via the `browser` package.json field, so this module is never reached in
|
|
6
|
+
// those environments. Do not import it from any browser-reachable code path.
|
|
7
|
+
|
|
8
|
+
import http2 from 'http2';
|
|
9
|
+
import util from 'util';
|
|
10
|
+
|
|
11
|
+
class Http2Sessions {
|
|
12
|
+
constructor() {
|
|
13
|
+
this.sessions = Object.create(null);
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
getSession(authority, options) {
|
|
17
|
+
options = Object.assign(
|
|
18
|
+
{
|
|
19
|
+
sessionTimeout: 1000,
|
|
20
|
+
},
|
|
21
|
+
options
|
|
22
|
+
);
|
|
23
|
+
|
|
24
|
+
let authoritySessions = this.sessions[authority];
|
|
25
|
+
|
|
26
|
+
if (authoritySessions) {
|
|
27
|
+
let len = authoritySessions.length;
|
|
28
|
+
|
|
29
|
+
for (let i = 0; i < len; i++) {
|
|
30
|
+
const [sessionHandle, sessionOptions] = authoritySessions[i];
|
|
31
|
+
if (
|
|
32
|
+
!sessionHandle.destroyed &&
|
|
33
|
+
!sessionHandle.closed &&
|
|
34
|
+
util.isDeepStrictEqual(sessionOptions, options)
|
|
35
|
+
) {
|
|
36
|
+
return sessionHandle;
|
|
37
|
+
}
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
const session = http2.connect(authority, options);
|
|
42
|
+
|
|
43
|
+
let removed;
|
|
44
|
+
let timer;
|
|
45
|
+
|
|
46
|
+
const removeSession = () => {
|
|
47
|
+
if (removed) {
|
|
48
|
+
return;
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
removed = true;
|
|
52
|
+
|
|
53
|
+
if (timer) {
|
|
54
|
+
clearTimeout(timer);
|
|
55
|
+
timer = null;
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
let entries = authoritySessions,
|
|
59
|
+
len = entries.length,
|
|
60
|
+
i = len;
|
|
61
|
+
|
|
62
|
+
while (i--) {
|
|
63
|
+
if (entries[i][0] === session) {
|
|
64
|
+
if (len === 1) {
|
|
65
|
+
delete this.sessions[authority];
|
|
66
|
+
} else {
|
|
67
|
+
entries.splice(i, 1);
|
|
68
|
+
}
|
|
69
|
+
if (!session.closed) {
|
|
70
|
+
session.close();
|
|
71
|
+
}
|
|
72
|
+
return;
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
};
|
|
76
|
+
|
|
77
|
+
const originalRequestFn = session.request;
|
|
78
|
+
|
|
79
|
+
const { sessionTimeout } = options;
|
|
80
|
+
|
|
81
|
+
if (sessionTimeout != null) {
|
|
82
|
+
let streamsCount = 0;
|
|
83
|
+
|
|
84
|
+
session.request = function () {
|
|
85
|
+
const stream = originalRequestFn.apply(this, arguments);
|
|
86
|
+
|
|
87
|
+
streamsCount++;
|
|
88
|
+
|
|
89
|
+
if (timer) {
|
|
90
|
+
clearTimeout(timer);
|
|
91
|
+
timer = null;
|
|
92
|
+
}
|
|
93
|
+
|
|
94
|
+
stream.once('close', () => {
|
|
95
|
+
if (!--streamsCount) {
|
|
96
|
+
timer = setTimeout(() => {
|
|
97
|
+
timer = null;
|
|
98
|
+
removeSession();
|
|
99
|
+
}, sessionTimeout);
|
|
100
|
+
}
|
|
101
|
+
});
|
|
102
|
+
|
|
103
|
+
return stream;
|
|
104
|
+
};
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
session.once('close', removeSession);
|
|
108
|
+
|
|
109
|
+
let entry = [session, options];
|
|
110
|
+
|
|
111
|
+
authoritySessions
|
|
112
|
+
? authoritySessions.push(entry)
|
|
113
|
+
: (authoritySessions = this.sessions[authority] = [entry]);
|
|
114
|
+
|
|
115
|
+
return session;
|
|
116
|
+
}
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
export default Http2Sessions;
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
import utils from '../utils.js';
|
|
4
|
-
import AxiosURLSearchParams from '
|
|
4
|
+
import AxiosURLSearchParams from './AxiosURLSearchParams.js';
|
|
5
5
|
|
|
6
6
|
/**
|
|
7
7
|
* It replaces URL-encoded forms of `:`, `$`, `,`, and spaces with
|
|
@@ -32,8 +32,7 @@ export default function buildURL(url, params, options) {
|
|
|
32
32
|
if (!params) {
|
|
33
33
|
return url;
|
|
34
34
|
}
|
|
35
|
-
|
|
36
|
-
const _encode = (options && options.encode) || encode;
|
|
35
|
+
url = url || '';
|
|
37
36
|
|
|
38
37
|
const _options = utils.isFunction(options)
|
|
39
38
|
? {
|
|
@@ -41,7 +40,11 @@ export default function buildURL(url, params, options) {
|
|
|
41
40
|
}
|
|
42
41
|
: options;
|
|
43
42
|
|
|
44
|
-
|
|
43
|
+
// Read serializer options pollution-safely: own properties and methods on a
|
|
44
|
+
// class/template prototype are honored, but values injected onto a polluted
|
|
45
|
+
// Object.prototype are ignored.
|
|
46
|
+
const _encode = utils.getSafeProp(_options, 'encode') || encode;
|
|
47
|
+
const serializeFn = utils.getSafeProp(_options, 'serialize');
|
|
45
48
|
|
|
46
49
|
let serializedParams;
|
|
47
50
|
|
|
@@ -45,7 +45,7 @@ const composeSignals = (signals, timeout) => {
|
|
|
45
45
|
signals = null;
|
|
46
46
|
};
|
|
47
47
|
|
|
48
|
-
signals.forEach((signal) => signal.addEventListener('abort', onabort));
|
|
48
|
+
signals.forEach((signal) => signal.addEventListener('abort', onabort, { once: true }));
|
|
49
49
|
|
|
50
50
|
const { signal } = controller;
|
|
51
51
|
|
|
@@ -40,7 +40,11 @@ export default platform.hasStandardBrowserEnv
|
|
|
40
40
|
const cookie = cookies[i].replace(/^\s+/, '');
|
|
41
41
|
const eq = cookie.indexOf('=');
|
|
42
42
|
if (eq !== -1 && cookie.slice(0, eq) === name) {
|
|
43
|
-
|
|
43
|
+
try {
|
|
44
|
+
return decodeURIComponent(cookie.slice(eq + 1));
|
|
45
|
+
} catch (e) {
|
|
46
|
+
return cookie.slice(eq + 1);
|
|
47
|
+
}
|
|
44
48
|
}
|
|
45
49
|
}
|
|
46
50
|
return null;
|
|
@@ -2,11 +2,19 @@
|
|
|
2
2
|
* Estimate decoded byte length of a data:// URL *without* allocating large buffers.
|
|
3
3
|
* - For base64: compute exact decoded size using length and padding;
|
|
4
4
|
* handle %XX at the character-count level (no string allocation).
|
|
5
|
-
* - For non-base64:
|
|
5
|
+
* - For non-base64: compute the exact percent-decoded UTF-8 byte length.
|
|
6
6
|
*
|
|
7
7
|
* @param {string} url
|
|
8
8
|
* @returns {number}
|
|
9
9
|
*/
|
|
10
|
+
const isHexDigit = (charCode) =>
|
|
11
|
+
(charCode >= 48 && charCode <= 57) ||
|
|
12
|
+
(charCode >= 65 && charCode <= 70) ||
|
|
13
|
+
(charCode >= 97 && charCode <= 102);
|
|
14
|
+
|
|
15
|
+
const isPercentEncodedByte = (str, i, len) =>
|
|
16
|
+
i + 2 < len && isHexDigit(str.charCodeAt(i + 1)) && isHexDigit(str.charCodeAt(i + 2));
|
|
17
|
+
|
|
10
18
|
export default function estimateDataURLDecodedBytes(url) {
|
|
11
19
|
if (!url || typeof url !== 'string') return 0;
|
|
12
20
|
if (!url.startsWith('data:')) return 0;
|
|
@@ -26,9 +34,7 @@ export default function estimateDataURLDecodedBytes(url) {
|
|
|
26
34
|
if (body.charCodeAt(i) === 37 /* '%' */ && i + 2 < len) {
|
|
27
35
|
const a = body.charCodeAt(i + 1);
|
|
28
36
|
const b = body.charCodeAt(i + 2);
|
|
29
|
-
const isHex =
|
|
30
|
-
((a >= 48 && a <= 57) || (a >= 65 && a <= 70) || (a >= 97 && a <= 102)) &&
|
|
31
|
-
((b >= 48 && b <= 57) || (b >= 65 && b <= 70) || (b >= 97 && b <= 102));
|
|
37
|
+
const isHex = isHexDigit(a) && isHexDigit(b);
|
|
32
38
|
|
|
33
39
|
if (isHex) {
|
|
34
40
|
effectiveLen -= 2;
|
|
@@ -69,18 +75,17 @@ export default function estimateDataURLDecodedBytes(url) {
|
|
|
69
75
|
return bytes > 0 ? bytes : 0;
|
|
70
76
|
}
|
|
71
77
|
|
|
72
|
-
if (typeof Buffer !== 'undefined' && typeof Buffer.byteLength === 'function') {
|
|
73
|
-
return Buffer.byteLength(body, 'utf8');
|
|
74
|
-
}
|
|
75
|
-
|
|
76
78
|
// Compute UTF-8 byte length directly from UTF-16 code units without allocating
|
|
77
79
|
// a byte buffer (TextEncoder.encode would defeat the DoS guard on large bodies).
|
|
78
|
-
//
|
|
79
|
-
//
|
|
80
|
+
// Valid %XX triplets count as one decoded byte; this matches the bytes that
|
|
81
|
+
// decodeURIComponent(body) would produce before Buffer re-encodes the string.
|
|
80
82
|
let bytes = 0;
|
|
81
83
|
for (let i = 0, len = body.length; i < len; i++) {
|
|
82
84
|
const c = body.charCodeAt(i);
|
|
83
|
-
if (c
|
|
85
|
+
if (c === 37 /* '%' */ && isPercentEncodedByte(body, i, len)) {
|
|
86
|
+
bytes += 1;
|
|
87
|
+
i += 2;
|
|
88
|
+
} else if (c < 0x80) {
|
|
84
89
|
bytes += 1;
|
|
85
90
|
} else if (c < 0x800) {
|
|
86
91
|
bytes += 2;
|
|
@@ -1,6 +1,19 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
3
|
import utils from '../utils.js';
|
|
4
|
+
import AxiosError from '../core/AxiosError.js';
|
|
5
|
+
import { DEFAULT_FORM_DATA_MAX_DEPTH } from './toFormData.js';
|
|
6
|
+
|
|
7
|
+
const MAX_DEPTH = DEFAULT_FORM_DATA_MAX_DEPTH;
|
|
8
|
+
|
|
9
|
+
function throwIfDepthExceeded(index) {
|
|
10
|
+
if (index > MAX_DEPTH) {
|
|
11
|
+
throw new AxiosError(
|
|
12
|
+
'FormData field is too deeply nested (' + index + ' levels). Max depth: ' + MAX_DEPTH,
|
|
13
|
+
AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
|
|
14
|
+
);
|
|
15
|
+
}
|
|
16
|
+
}
|
|
4
17
|
|
|
5
18
|
/**
|
|
6
19
|
* It takes a string like `foo[x][y][z]` and returns an array like `['foo', 'x', 'y', 'z']
|
|
@@ -14,9 +27,16 @@ function parsePropPath(name) {
|
|
|
14
27
|
// foo.x.y.z
|
|
15
28
|
// foo-x-y-z
|
|
16
29
|
// foo x y z
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
30
|
+
const path = [];
|
|
31
|
+
const pattern = /\w+|\[(\w*)]/g;
|
|
32
|
+
let match;
|
|
33
|
+
|
|
34
|
+
while ((match = pattern.exec(name)) !== null) {
|
|
35
|
+
throwIfDepthExceeded(path.length);
|
|
36
|
+
path.push(match[0] === '[]' ? '' : match[1] || match[0]);
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
return path;
|
|
20
40
|
}
|
|
21
41
|
|
|
22
42
|
/**
|
|
@@ -48,6 +68,8 @@ function arrayToObject(arr) {
|
|
|
48
68
|
*/
|
|
49
69
|
function formDataToJSON(formData) {
|
|
50
70
|
function buildPath(path, value, target, index) {
|
|
71
|
+
throwIfDepthExceeded(index);
|
|
72
|
+
|
|
51
73
|
let name = path[index++];
|
|
52
74
|
|
|
53
75
|
if (name === '__proto__') return true;
|
|
@@ -73,11 +73,11 @@ const formDataToStream = (form, headersHandler, options) => {
|
|
|
73
73
|
} = options || {};
|
|
74
74
|
|
|
75
75
|
if (!utils.isFormData(form)) {
|
|
76
|
-
throw TypeError('FormData instance required');
|
|
76
|
+
throw new TypeError('FormData instance required');
|
|
77
77
|
}
|
|
78
78
|
|
|
79
79
|
if (boundary.length < 1 || boundary.length > 70) {
|
|
80
|
-
throw Error('boundary must be 1-70 characters long');
|
|
80
|
+
throw new Error('boundary must be 1-70 characters long');
|
|
81
81
|
}
|
|
82
82
|
|
|
83
83
|
const boundaryBytes = textEncoder.encode('--' + boundary + CRLF);
|
|
@@ -42,14 +42,16 @@ export default function fromDataURI(uri, asBlob, options) {
|
|
|
42
42
|
|
|
43
43
|
// RFC 2397 section 3: default mediatype is text/plain;charset=US-ASCII
|
|
44
44
|
// Bare `data:,` leaves mime undefined; Blob normalises that to "" per spec.
|
|
45
|
-
let mime;
|
|
45
|
+
let mime = '';
|
|
46
46
|
if (type) {
|
|
47
47
|
mime = params ? type + params : type;
|
|
48
48
|
} else if (params) {
|
|
49
49
|
mime = 'text/plain' + params;
|
|
50
50
|
}
|
|
51
51
|
|
|
52
|
-
const buffer =
|
|
52
|
+
const buffer = encoding === 'base64'
|
|
53
|
+
? Buffer.from(body, 'base64')
|
|
54
|
+
: Buffer.from(decodeURIComponent(body), encoding);
|
|
53
55
|
|
|
54
56
|
if (asBlob) {
|
|
55
57
|
if (!_Blob) {
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
import platform from '../platform/index.js';
|
|
2
2
|
import utils from '../utils.js';
|
|
3
|
+
import AxiosError from '../core/AxiosError.js';
|
|
3
4
|
import isURLSameOrigin from './isURLSameOrigin.js';
|
|
4
5
|
import cookies from './cookies.js';
|
|
5
6
|
import buildFullPath from '../core/buildFullPath.js';
|
|
@@ -15,7 +16,7 @@ function setFormDataHeaders(headers, formHeaders, policy) {
|
|
|
15
16
|
return;
|
|
16
17
|
}
|
|
17
18
|
|
|
18
|
-
Object.entries(formHeaders).forEach(([key, val]) => {
|
|
19
|
+
Object.entries(formHeaders || {}).forEach(([key, val]) => {
|
|
19
20
|
if (FORM_DATA_CONTENT_HEADERS.includes(key.toLowerCase())) {
|
|
20
21
|
headers.set(key, val);
|
|
21
22
|
}
|
|
@@ -35,7 +36,7 @@ const encodeUTF8 = (str) =>
|
|
|
35
36
|
String.fromCharCode(parseInt(hex, 16))
|
|
36
37
|
);
|
|
37
38
|
|
|
38
|
-
|
|
39
|
+
function resolveConfig(config) {
|
|
39
40
|
const newConfig = mergeConfig({}, config);
|
|
40
41
|
|
|
41
42
|
// Read only own properties to prevent prototype pollution gadgets
|
|
@@ -55,23 +56,33 @@ export default (config) => {
|
|
|
55
56
|
newConfig.headers = headers = AxiosHeaders.from(headers);
|
|
56
57
|
|
|
57
58
|
newConfig.url = buildURL(
|
|
58
|
-
buildFullPath(baseURL, url, allowAbsoluteUrls),
|
|
59
|
-
|
|
60
|
-
|
|
59
|
+
buildFullPath(baseURL, url, allowAbsoluteUrls, newConfig),
|
|
60
|
+
own('params'),
|
|
61
|
+
own('paramsSerializer')
|
|
61
62
|
);
|
|
62
63
|
|
|
63
64
|
// HTTP basic authentication
|
|
64
65
|
if (auth) {
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
66
|
+
const username = utils.getSafeProp(auth, 'username') || '';
|
|
67
|
+
const password = utils.getSafeProp(auth, 'password') || '';
|
|
68
|
+
|
|
69
|
+
try {
|
|
70
|
+
headers.set(
|
|
71
|
+
'Authorization',
|
|
72
|
+
'Basic ' + btoa(username + ':' + (password ? encodeUTF8(password) : ''))
|
|
73
|
+
);
|
|
74
|
+
} catch (e) {
|
|
75
|
+
throw AxiosError.from(e, AxiosError.ERR_BAD_OPTION_VALUE, config);
|
|
76
|
+
}
|
|
70
77
|
}
|
|
71
78
|
|
|
72
79
|
if (utils.isFormData(data)) {
|
|
73
|
-
if (
|
|
74
|
-
|
|
80
|
+
if (
|
|
81
|
+
platform.hasStandardBrowserEnv ||
|
|
82
|
+
platform.hasStandardBrowserWebWorkerEnv ||
|
|
83
|
+
utils.isReactNative(data)
|
|
84
|
+
) {
|
|
85
|
+
headers.setContentType(undefined); // browser/web worker/RN handles it
|
|
75
86
|
} else if (utils.isFunction(data.getHeaders)) {
|
|
76
87
|
// Node.js FormData (like form-data package)
|
|
77
88
|
setFormDataHeaders(headers, data.getHeaders(), own('formDataHeaderPolicy'));
|
|
@@ -103,4 +114,6 @@ export default (config) => {
|
|
|
103
114
|
}
|
|
104
115
|
|
|
105
116
|
return newConfig;
|
|
106
|
-
}
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
export default resolveConfig;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
const LOOPBACK_HOSTNAMES = new Set(['localhost']);
|
|
1
|
+
const LOOPBACK_HOSTNAMES = new Set(['localhost', '0.0.0.0']);
|
|
2
2
|
|
|
3
3
|
const isIPv4Loopback = (host) => {
|
|
4
4
|
const parts = host.split('.');
|
|
@@ -7,6 +7,37 @@ const isIPv4Loopback = (host) => {
|
|
|
7
7
|
return parts.every((p) => /^\d+$/.test(p) && Number(p) >= 0 && Number(p) <= 255);
|
|
8
8
|
};
|
|
9
9
|
|
|
10
|
+
const isIPv6ZeroGroup = (group) => /^0{1,4}$/.test(group);
|
|
11
|
+
|
|
12
|
+
// The unspecified address (IPv4 0.0.0.0 / IPv6 ::) resolves to the local host
|
|
13
|
+
// for outbound connections, so treat it as loopback-equivalent for NO_PROXY
|
|
14
|
+
// matching. 0.0.0.0 is covered by LOOPBACK_HOSTNAMES; this handles compressed
|
|
15
|
+
// and full IPv6 all-zero forms so both families bypass symmetrically.
|
|
16
|
+
const isIPv6Unspecified = (host) => {
|
|
17
|
+
if (host === '::') return true;
|
|
18
|
+
|
|
19
|
+
const compressionIndex = host.indexOf('::');
|
|
20
|
+
|
|
21
|
+
if (compressionIndex !== -1) {
|
|
22
|
+
if (compressionIndex !== host.lastIndexOf('::')) return false;
|
|
23
|
+
|
|
24
|
+
const left = host.slice(0, compressionIndex);
|
|
25
|
+
const right = host.slice(compressionIndex + 2);
|
|
26
|
+
const leftGroups = left ? left.split(':') : [];
|
|
27
|
+
const rightGroups = right ? right.split(':') : [];
|
|
28
|
+
const explicitGroups = leftGroups.length + rightGroups.length;
|
|
29
|
+
|
|
30
|
+
return (
|
|
31
|
+
explicitGroups < 8 &&
|
|
32
|
+
leftGroups.every(isIPv6ZeroGroup) &&
|
|
33
|
+
rightGroups.every(isIPv6ZeroGroup)
|
|
34
|
+
);
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
const groups = host.split(':');
|
|
38
|
+
return groups.length === 8 && groups.every(isIPv6ZeroGroup);
|
|
39
|
+
};
|
|
40
|
+
|
|
10
41
|
const isIPv6Loopback = (host) => {
|
|
11
42
|
// Collapse all-zero groups: any form of ::1 / 0:0:...:0:1
|
|
12
43
|
// First, strip any leading "::" by normalising with Set lookup of common forms,
|
|
@@ -42,6 +73,7 @@ const isLoopback = (host) => {
|
|
|
42
73
|
if (!host) return false;
|
|
43
74
|
if (LOOPBACK_HOSTNAMES.has(host)) return true;
|
|
44
75
|
if (isIPv4Loopback(host)) return true;
|
|
76
|
+
if (isIPv6Unspecified(host)) return true;
|
|
45
77
|
return isIPv6Loopback(host);
|
|
46
78
|
};
|
|
47
79
|
|