reflex-search 1.5.2 → 1.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/node_modules/.package-lock.json +15 -15
- package/node_modules/axios/CHANGELOG.md +126 -1
- package/node_modules/axios/README.md +390 -257
- package/node_modules/axios/dist/axios.js +511 -154
- package/node_modules/axios/dist/axios.min.js +3 -3
- package/node_modules/axios/dist/axios.min.js.map +1 -1
- package/node_modules/axios/dist/browser/axios.cjs +537 -124
- package/node_modules/axios/dist/esm/axios.js +537 -124
- package/node_modules/axios/dist/esm/axios.min.js +2 -2
- package/node_modules/axios/dist/esm/axios.min.js.map +1 -1
- package/node_modules/axios/dist/node/axios.cjs +753 -226
- package/node_modules/axios/index.d.cts +27 -4
- package/node_modules/axios/index.d.ts +23 -2
- package/node_modules/axios/lib/adapters/adapters.js +1 -1
- package/node_modules/axios/lib/adapters/fetch.js +217 -47
- package/node_modules/axios/lib/adapters/http.js +274 -169
- package/node_modules/axios/lib/adapters/xhr.js +1 -0
- package/node_modules/axios/lib/core/Axios.js +4 -2
- package/node_modules/axios/lib/core/AxiosError.js +13 -1
- package/node_modules/axios/lib/core/AxiosHeaders.js +12 -9
- package/node_modules/axios/lib/core/buildFullPath.js +29 -1
- package/node_modules/axios/lib/core/mergeConfig.js +35 -0
- package/node_modules/axios/lib/defaults/transitional.js +2 -0
- package/node_modules/axios/lib/env/data.js +1 -1
- package/node_modules/axios/lib/helpers/AxiosURLSearchParams.js +1 -3
- package/node_modules/axios/lib/helpers/Http2Sessions.js +119 -0
- package/node_modules/axios/lib/helpers/buildURL.js +7 -4
- package/node_modules/axios/lib/helpers/composeSignals.js +1 -1
- package/node_modules/axios/lib/helpers/cookies.js +5 -1
- package/node_modules/axios/lib/helpers/estimateDataURLDecodedBytes.js +16 -11
- package/node_modules/axios/lib/helpers/formDataToJSON.js +25 -3
- package/node_modules/axios/lib/helpers/formDataToStream.js +2 -2
- package/node_modules/axios/lib/helpers/fromDataURI.js +4 -2
- package/node_modules/axios/lib/helpers/resolveConfig.js +26 -13
- package/node_modules/axios/lib/helpers/shouldBypassProxy.js +33 -1
- package/node_modules/axios/lib/helpers/toFormData.js +48 -12
- package/node_modules/axios/lib/helpers/validator.js +1 -1
- package/node_modules/axios/lib/utils.js +97 -12
- package/node_modules/axios/package.json +29 -13
- package/node_modules/brace-expansion/dist/commonjs/index.js +24 -14
- package/node_modules/brace-expansion/dist/commonjs/index.js.map +1 -1
- package/node_modules/brace-expansion/dist/esm/index.js +24 -14
- package/node_modules/brace-expansion/dist/esm/index.js.map +1 -1
- package/node_modules/brace-expansion/package.json +2 -2
- package/node_modules/form-data/CHANGELOG.md +29 -2
- package/node_modules/form-data/README.md +4 -4
- package/node_modules/form-data/lib/form_data.js +14 -2
- package/node_modules/form-data/package.json +7 -7
- package/node_modules/hasown/CHANGELOG.md +18 -0
- package/node_modules/hasown/eslint.config.mjs +6 -0
- package/node_modules/hasown/package.json +13 -14
- package/npm-shrinkwrap.json +16 -16
- package/package.json +2 -2
- package/node_modules/axios/dist/axios.js.map +0 -1
- package/node_modules/axios/dist/browser/axios.cjs.map +0 -1
- package/node_modules/axios/dist/esm/axios.js.map +0 -1
- package/node_modules/axios/dist/node/axios.cjs.map +0 -1
- package/node_modules/hasown/.eslintrc +0 -5
|
@@ -24,6 +24,7 @@ import { EventEmitter } from 'events';
|
|
|
24
24
|
import formDataToStream from '../helpers/formDataToStream.js';
|
|
25
25
|
import readBlob from '../helpers/readBlob.js';
|
|
26
26
|
import ZlibHeaderTransformStream from '../helpers/ZlibHeaderTransformStream.js';
|
|
27
|
+
import Http2Sessions from '../helpers/Http2Sessions.js';
|
|
27
28
|
import callbackify from '../helpers/callbackify.js';
|
|
28
29
|
import shouldBypassProxy from '../helpers/shouldBypassProxy.js';
|
|
29
30
|
import { toByteStringHeaderObject } from '../helpers/sanitizeHeaderValue.js';
|
|
@@ -44,7 +45,15 @@ const brotliOptions = {
|
|
|
44
45
|
finishFlush: zlib.constants.BROTLI_OPERATION_FLUSH,
|
|
45
46
|
};
|
|
46
47
|
|
|
48
|
+
const zstdOptions = {
|
|
49
|
+
flush: zlib.constants.ZSTD_e_flush,
|
|
50
|
+
finishFlush: zlib.constants.ZSTD_e_flush,
|
|
51
|
+
};
|
|
52
|
+
|
|
47
53
|
const isBrotliSupported = utils.isFunction(zlib.createBrotliDecompress);
|
|
54
|
+
const isZstdSupported = utils.isFunction(zlib.createZstdDecompress);
|
|
55
|
+
const ACCEPT_ENCODING = 'gzip, compress, deflate' + (isBrotliSupported ? ', br' : '');
|
|
56
|
+
const ACCEPT_ENCODING_WITH_ZSTD = ACCEPT_ENCODING + (isZstdSupported ? ', zstd' : '');
|
|
48
57
|
|
|
49
58
|
const { http: httpFollow, https: httpsFollow } = followRedirects;
|
|
50
59
|
|
|
@@ -80,6 +89,53 @@ const kAxiosInstalledTunnel = Symbol('axios.http.installedTunnel');
|
|
|
80
89
|
// so unbounded growth is not a concern in practice.
|
|
81
90
|
const tunnelingAgentCache = new Map();
|
|
82
91
|
const tunnelingAgentCacheUser = new WeakMap();
|
|
92
|
+
// Minimum minor versions where Node's HTTP Agent supports native proxyEnv
|
|
93
|
+
// handling. Checking the selected agent below also covers startup modes such
|
|
94
|
+
// as NODE_OPTIONS=--use-env-proxy and --no-use-env-proxy precedence.
|
|
95
|
+
const NODE_NATIVE_ENV_PROXY_SUPPORT = {
|
|
96
|
+
22: 21,
|
|
97
|
+
24: 5,
|
|
98
|
+
};
|
|
99
|
+
|
|
100
|
+
function isNodeNativeEnvProxySupported(nodeVersion = process.versions && process.versions.node) {
|
|
101
|
+
if (!nodeVersion) {
|
|
102
|
+
return false;
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
const [major, minor] = nodeVersion.split('.').map((part) => Number(part));
|
|
106
|
+
|
|
107
|
+
if (!Number.isInteger(major) || !Number.isInteger(minor)) {
|
|
108
|
+
return false;
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
if (major > 24) {
|
|
112
|
+
return true;
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
return (
|
|
116
|
+
NODE_NATIVE_ENV_PROXY_SUPPORT[major] != null && minor >= NODE_NATIVE_ENV_PROXY_SUPPORT[major]
|
|
117
|
+
);
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
function isNodeEnvProxyEnabled(agent, nodeVersion = process.versions && process.versions.node) {
|
|
121
|
+
if (!isNodeNativeEnvProxySupported(nodeVersion)) {
|
|
122
|
+
return false;
|
|
123
|
+
}
|
|
124
|
+
|
|
125
|
+
const agentOptions = agent && agent.options;
|
|
126
|
+
|
|
127
|
+
return Boolean(
|
|
128
|
+
agentOptions &&
|
|
129
|
+
utils.hasOwnProp(agentOptions, 'proxyEnv') &&
|
|
130
|
+
agentOptions.proxyEnv != null
|
|
131
|
+
);
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
function getProxyEnvAgent(options, configHttpAgent, configHttpsAgent) {
|
|
135
|
+
return isHttps.test(options.protocol)
|
|
136
|
+
? (configHttpsAgent || https.globalAgent)
|
|
137
|
+
: (configHttpAgent || http.globalAgent);
|
|
138
|
+
}
|
|
83
139
|
|
|
84
140
|
function getTunnelingAgent(agentOptions, userHttpsAgent) {
|
|
85
141
|
const key =
|
|
@@ -103,6 +159,14 @@ function getTunnelingAgent(agentOptions, userHttpsAgent) {
|
|
|
103
159
|
? { ...userHttpsAgent.options, ...agentOptions }
|
|
104
160
|
: agentOptions;
|
|
105
161
|
agent = new HttpsProxyAgent(merged);
|
|
162
|
+
if (userHttpsAgent && userHttpsAgent.options) {
|
|
163
|
+
const originTLSOptions = { ...userHttpsAgent.options };
|
|
164
|
+
const callback = agent.callback;
|
|
165
|
+
agent.callback = function axiosTunnelingAgentCallback(req, opts) {
|
|
166
|
+
// HttpsProxyAgent v5 reads callback opts for the post-CONNECT origin TLS upgrade.
|
|
167
|
+
return callback.call(this, req, { ...originTLSOptions, ...opts });
|
|
168
|
+
};
|
|
169
|
+
}
|
|
106
170
|
agent[kAxiosInstalledTunnel] = true;
|
|
107
171
|
cache.set(key, agent);
|
|
108
172
|
return agent;
|
|
@@ -134,114 +198,11 @@ const flushOnFinish = (stream, [throttled, flush]) => {
|
|
|
134
198
|
return throttled;
|
|
135
199
|
};
|
|
136
200
|
|
|
137
|
-
class Http2Sessions {
|
|
138
|
-
constructor() {
|
|
139
|
-
this.sessions = Object.create(null);
|
|
140
|
-
}
|
|
141
|
-
|
|
142
|
-
getSession(authority, options) {
|
|
143
|
-
options = Object.assign(
|
|
144
|
-
{
|
|
145
|
-
sessionTimeout: 1000,
|
|
146
|
-
},
|
|
147
|
-
options
|
|
148
|
-
);
|
|
149
|
-
|
|
150
|
-
let authoritySessions = this.sessions[authority];
|
|
151
|
-
|
|
152
|
-
if (authoritySessions) {
|
|
153
|
-
let len = authoritySessions.length;
|
|
154
|
-
|
|
155
|
-
for (let i = 0; i < len; i++) {
|
|
156
|
-
const [sessionHandle, sessionOptions] = authoritySessions[i];
|
|
157
|
-
if (
|
|
158
|
-
!sessionHandle.destroyed &&
|
|
159
|
-
!sessionHandle.closed &&
|
|
160
|
-
util.isDeepStrictEqual(sessionOptions, options)
|
|
161
|
-
) {
|
|
162
|
-
return sessionHandle;
|
|
163
|
-
}
|
|
164
|
-
}
|
|
165
|
-
}
|
|
166
|
-
|
|
167
|
-
const session = http2.connect(authority, options);
|
|
168
|
-
|
|
169
|
-
let removed;
|
|
170
|
-
|
|
171
|
-
const removeSession = () => {
|
|
172
|
-
if (removed) {
|
|
173
|
-
return;
|
|
174
|
-
}
|
|
175
|
-
|
|
176
|
-
removed = true;
|
|
177
|
-
|
|
178
|
-
let entries = authoritySessions,
|
|
179
|
-
len = entries.length,
|
|
180
|
-
i = len;
|
|
181
|
-
|
|
182
|
-
while (i--) {
|
|
183
|
-
if (entries[i][0] === session) {
|
|
184
|
-
if (len === 1) {
|
|
185
|
-
delete this.sessions[authority];
|
|
186
|
-
} else {
|
|
187
|
-
entries.splice(i, 1);
|
|
188
|
-
}
|
|
189
|
-
if (!session.closed) {
|
|
190
|
-
session.close();
|
|
191
|
-
}
|
|
192
|
-
return;
|
|
193
|
-
}
|
|
194
|
-
}
|
|
195
|
-
};
|
|
196
|
-
|
|
197
|
-
const originalRequestFn = session.request;
|
|
198
|
-
|
|
199
|
-
const { sessionTimeout } = options;
|
|
200
|
-
|
|
201
|
-
if (sessionTimeout != null) {
|
|
202
|
-
let timer;
|
|
203
|
-
let streamsCount = 0;
|
|
204
|
-
|
|
205
|
-
session.request = function () {
|
|
206
|
-
const stream = originalRequestFn.apply(this, arguments);
|
|
207
|
-
|
|
208
|
-
streamsCount++;
|
|
209
|
-
|
|
210
|
-
if (timer) {
|
|
211
|
-
clearTimeout(timer);
|
|
212
|
-
timer = null;
|
|
213
|
-
}
|
|
214
|
-
|
|
215
|
-
stream.once('close', () => {
|
|
216
|
-
if (!--streamsCount) {
|
|
217
|
-
timer = setTimeout(() => {
|
|
218
|
-
timer = null;
|
|
219
|
-
removeSession();
|
|
220
|
-
}, sessionTimeout);
|
|
221
|
-
}
|
|
222
|
-
});
|
|
223
|
-
|
|
224
|
-
return stream;
|
|
225
|
-
};
|
|
226
|
-
}
|
|
227
|
-
|
|
228
|
-
session.once('close', removeSession);
|
|
229
|
-
|
|
230
|
-
let entry = [session, options];
|
|
231
|
-
|
|
232
|
-
authoritySessions
|
|
233
|
-
? authoritySessions.push(entry)
|
|
234
|
-
: (authoritySessions = this.sessions[authority] = [entry]);
|
|
235
|
-
|
|
236
|
-
return session;
|
|
237
|
-
}
|
|
238
|
-
}
|
|
239
|
-
|
|
240
201
|
const http2Sessions = new Http2Sessions();
|
|
241
202
|
|
|
242
203
|
/**
|
|
243
|
-
* If the proxy or config beforeRedirects functions are defined,
|
|
244
|
-
* object.
|
|
204
|
+
* If the proxy, auth, sensitive header, or config beforeRedirects functions are defined,
|
|
205
|
+
* call them with the options object.
|
|
245
206
|
*
|
|
246
207
|
* @param {Object<string, any>} options - The options object that was passed to the request.
|
|
247
208
|
*
|
|
@@ -251,11 +212,42 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
|
|
|
251
212
|
if (options.beforeRedirects.proxy) {
|
|
252
213
|
options.beforeRedirects.proxy(options);
|
|
253
214
|
}
|
|
215
|
+
if (options.beforeRedirects.auth) {
|
|
216
|
+
options.beforeRedirects.auth(options);
|
|
217
|
+
}
|
|
218
|
+
if (options.beforeRedirects.sensitiveHeaders) {
|
|
219
|
+
options.beforeRedirects.sensitiveHeaders(options, requestDetails);
|
|
220
|
+
}
|
|
254
221
|
if (options.beforeRedirects.config) {
|
|
255
222
|
options.beforeRedirects.config(options, responseDetails, requestDetails);
|
|
256
223
|
}
|
|
257
224
|
}
|
|
258
225
|
|
|
226
|
+
function stripMatchingHeaders(headers, sensitiveSet) {
|
|
227
|
+
if (!headers) {
|
|
228
|
+
return;
|
|
229
|
+
}
|
|
230
|
+
|
|
231
|
+
Object.keys(headers).forEach((header) => {
|
|
232
|
+
if (sensitiveSet.has(header.toLowerCase())) {
|
|
233
|
+
delete headers[header];
|
|
234
|
+
}
|
|
235
|
+
});
|
|
236
|
+
}
|
|
237
|
+
|
|
238
|
+
function isSameOriginRedirect(redirectOptions, requestDetails) {
|
|
239
|
+
if (!requestDetails) {
|
|
240
|
+
return false;
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
try {
|
|
244
|
+
return new URL(requestDetails.url).origin === new URL(redirectOptions.href).origin;
|
|
245
|
+
} catch (e) {
|
|
246
|
+
// If origin comparison fails, treat the redirect as unsafe.
|
|
247
|
+
return false;
|
|
248
|
+
}
|
|
249
|
+
}
|
|
250
|
+
|
|
259
251
|
/**
|
|
260
252
|
* If the proxy or config afterRedirects functions are defined, call them with the options
|
|
261
253
|
*
|
|
@@ -265,9 +257,10 @@ function dispatchBeforeRedirect(options, responseDetails, requestDetails) {
|
|
|
265
257
|
*
|
|
266
258
|
* @returns {http.ClientRequestArgs}
|
|
267
259
|
*/
|
|
268
|
-
function setProxy(options, configProxy, location, isRedirect, configHttpsAgent) {
|
|
260
|
+
function setProxy(options, configProxy, location, isRedirect, configHttpsAgent, configHttpAgent) {
|
|
269
261
|
let proxy = configProxy;
|
|
270
|
-
|
|
262
|
+
const proxyEnvAgent = getProxyEnvAgent(options, configHttpAgent, configHttpsAgent);
|
|
263
|
+
if (!proxy && proxy !== false && !isNodeEnvProxyEnabled(proxyEnvAgent)) {
|
|
271
264
|
const proxyUrl = getProxyForUrl(location);
|
|
272
265
|
if (proxyUrl) {
|
|
273
266
|
if (!shouldBypassProxy(location)) {
|
|
@@ -373,7 +366,7 @@ function setProxy(options, configProxy, location, isRedirect, configHttpsAgent)
|
|
|
373
366
|
}
|
|
374
367
|
const tunnelingAgent = getTunnelingAgent(agentOptions, configHttpsAgent);
|
|
375
368
|
// Set both: `options.agent` is consumed by the native https.request path
|
|
376
|
-
// (
|
|
369
|
+
// (maxRedirects === 0); `options.agents.https` is consumed by
|
|
377
370
|
// follow-redirects, which ignores `options.agent` when `options.agents`
|
|
378
371
|
// is present.
|
|
379
372
|
options.agent = tunnelingAgent;
|
|
@@ -418,7 +411,14 @@ function setProxy(options, configProxy, location, isRedirect, configHttpsAgent)
|
|
|
418
411
|
options.beforeRedirects.proxy = function beforeRedirect(redirectOptions) {
|
|
419
412
|
// Configure proxy for redirected request, passing the original config proxy to apply
|
|
420
413
|
// the exact same logic as if the redirected request was performed by axios directly.
|
|
421
|
-
setProxy(
|
|
414
|
+
setProxy(
|
|
415
|
+
redirectOptions,
|
|
416
|
+
configProxy,
|
|
417
|
+
redirectOptions.href,
|
|
418
|
+
true,
|
|
419
|
+
configHttpsAgent,
|
|
420
|
+
configHttpAgent
|
|
421
|
+
);
|
|
422
422
|
};
|
|
423
423
|
}
|
|
424
424
|
|
|
@@ -517,16 +517,30 @@ const http2Transport = {
|
|
|
517
517
|
export default isHttpAdapterSupported &&
|
|
518
518
|
function httpAdapter(config) {
|
|
519
519
|
return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
|
|
520
|
-
|
|
520
|
+
// Read config pollution-safely: own properties and members inherited from
|
|
521
|
+
// a non-Object.prototype source (e.g. an Object.create(defaults) template)
|
|
522
|
+
// are honored, but values injected onto a polluted Object.prototype are
|
|
523
|
+
// ignored. All behavior-affecting reads in this adapter go through own()
|
|
524
|
+
// so the protection boundary stays consistent.
|
|
525
|
+
const own = (key) => utils.getSafeProp(config, key);
|
|
526
|
+
const transitional = own('transitional') || transitionalDefaults;
|
|
521
527
|
let data = own('data');
|
|
522
528
|
let lookup = own('lookup');
|
|
523
529
|
let family = own('family');
|
|
524
530
|
let httpVersion = own('httpVersion');
|
|
525
531
|
if (httpVersion === undefined) httpVersion = 1;
|
|
526
532
|
let http2Options = own('http2Options');
|
|
533
|
+
const httpAgent = own('httpAgent');
|
|
534
|
+
const httpsAgent = own('httpsAgent');
|
|
535
|
+
const configProxy = own('proxy');
|
|
527
536
|
const responseType = own('responseType');
|
|
528
537
|
const responseEncoding = own('responseEncoding');
|
|
529
|
-
const
|
|
538
|
+
const socketPath = own('socketPath');
|
|
539
|
+
const method = own('method').toUpperCase();
|
|
540
|
+
const maxRedirects = own('maxRedirects');
|
|
541
|
+
const maxBodyLength = own('maxBodyLength');
|
|
542
|
+
const maxContentLength = own('maxContentLength');
|
|
543
|
+
const decompress = own('decompress');
|
|
530
544
|
let isDone;
|
|
531
545
|
let rejected = false;
|
|
532
546
|
let req;
|
|
@@ -571,7 +585,7 @@ export default isHttpAdapterSupported &&
|
|
|
571
585
|
!reason || reason.type ? new CanceledError(null, config, req) : reason
|
|
572
586
|
);
|
|
573
587
|
} catch (err) {
|
|
574
|
-
|
|
588
|
+
// ignore emit errors
|
|
575
589
|
}
|
|
576
590
|
}
|
|
577
591
|
|
|
@@ -583,12 +597,13 @@ export default isHttpAdapterSupported &&
|
|
|
583
597
|
}
|
|
584
598
|
|
|
585
599
|
function createTimeoutError() {
|
|
586
|
-
|
|
587
|
-
|
|
600
|
+
const configTimeout = own('timeout');
|
|
601
|
+
let timeoutErrorMessage = configTimeout
|
|
602
|
+
? 'timeout of ' + configTimeout + 'ms exceeded'
|
|
588
603
|
: 'timeout exceeded';
|
|
589
|
-
const
|
|
590
|
-
if (
|
|
591
|
-
timeoutErrorMessage =
|
|
604
|
+
const configTimeoutErrorMessage = own('timeoutErrorMessage');
|
|
605
|
+
if (configTimeoutErrorMessage) {
|
|
606
|
+
timeoutErrorMessage = configTimeoutErrorMessage;
|
|
592
607
|
}
|
|
593
608
|
return new AxiosError(
|
|
594
609
|
timeoutErrorMessage,
|
|
@@ -644,21 +659,28 @@ export default isHttpAdapterSupported &&
|
|
|
644
659
|
});
|
|
645
660
|
|
|
646
661
|
// Parse url
|
|
647
|
-
const fullPath = buildFullPath(
|
|
648
|
-
|
|
662
|
+
const fullPath = buildFullPath(own('baseURL'), own('url'), own('allowAbsoluteUrls'), config);
|
|
663
|
+
// Unix-socket requests (own socketPath) commonly pass a path-only url
|
|
664
|
+
// like '/foo'; supply a synthetic base so new URL() can still parse it.
|
|
665
|
+
// Use the own-property value (not config.socketPath) so a polluted
|
|
666
|
+
// prototype cannot influence URL base selection.
|
|
667
|
+
const urlBase = socketPath
|
|
668
|
+
? 'http://localhost'
|
|
669
|
+
: (platform.hasBrowserEnv ? platform.origin : undefined);
|
|
670
|
+
const parsed = new URL(fullPath, urlBase);
|
|
649
671
|
const protocol = parsed.protocol || supportedProtocols[0];
|
|
650
672
|
|
|
651
673
|
if (protocol === 'data:') {
|
|
652
674
|
// Apply the same semantics as HTTP: only enforce if a finite, non-negative cap is set.
|
|
653
|
-
if (
|
|
654
|
-
// Use the exact string passed to fromDataURI (
|
|
655
|
-
const dataUrl = String(
|
|
675
|
+
if (maxContentLength > -1) {
|
|
676
|
+
// Use the exact string passed to fromDataURI (the configured url); fall back to fullPath if needed.
|
|
677
|
+
const dataUrl = String(own('url') || fullPath || '');
|
|
656
678
|
const estimated = estimateDataURLDecodedBytes(dataUrl);
|
|
657
679
|
|
|
658
|
-
if (estimated >
|
|
680
|
+
if (estimated > maxContentLength) {
|
|
659
681
|
return reject(
|
|
660
682
|
new AxiosError(
|
|
661
|
-
'maxContentLength size of ' +
|
|
683
|
+
'maxContentLength size of ' + maxContentLength + ' exceeded',
|
|
662
684
|
AxiosError.ERR_BAD_RESPONSE,
|
|
663
685
|
config
|
|
664
686
|
)
|
|
@@ -678,7 +700,7 @@ export default isHttpAdapterSupported &&
|
|
|
678
700
|
}
|
|
679
701
|
|
|
680
702
|
try {
|
|
681
|
-
convertedData = fromDataURI(
|
|
703
|
+
convertedData = fromDataURI(own('url'), responseType === 'blob', {
|
|
682
704
|
Blob: config.env && config.env.Blob,
|
|
683
705
|
});
|
|
684
706
|
} catch (err) {
|
|
@@ -778,7 +800,7 @@ export default isHttpAdapterSupported &&
|
|
|
778
800
|
// Add Content-Length header if data exists
|
|
779
801
|
headers.setContentLength(data.length, false);
|
|
780
802
|
|
|
781
|
-
if (
|
|
803
|
+
if (maxBodyLength > -1 && data.length > maxBodyLength) {
|
|
782
804
|
return reject(
|
|
783
805
|
new AxiosError(
|
|
784
806
|
'Request body larger than maxBodyLength limit',
|
|
@@ -830,12 +852,12 @@ export default isHttpAdapterSupported &&
|
|
|
830
852
|
let auth = undefined;
|
|
831
853
|
const configAuth = own('auth');
|
|
832
854
|
if (configAuth) {
|
|
833
|
-
const username = configAuth
|
|
834
|
-
const password = configAuth
|
|
855
|
+
const username = utils.getSafeProp(configAuth, 'username') || '';
|
|
856
|
+
const password = utils.getSafeProp(configAuth, 'password') || '';
|
|
835
857
|
auth = username + ':' + password;
|
|
836
858
|
}
|
|
837
859
|
|
|
838
|
-
if (!auth && parsed.username) {
|
|
860
|
+
if (!auth && (parsed.username || parsed.password)) {
|
|
839
861
|
const urlUsername = decodeURIComponentSafe(parsed.username);
|
|
840
862
|
const urlPassword = decodeURIComponentSafe(parsed.password);
|
|
841
863
|
auth = urlUsername + ':' + urlPassword;
|
|
@@ -848,20 +870,22 @@ export default isHttpAdapterSupported &&
|
|
|
848
870
|
try {
|
|
849
871
|
path = buildURL(
|
|
850
872
|
parsed.pathname + parsed.search,
|
|
851
|
-
|
|
852
|
-
|
|
873
|
+
own('params'),
|
|
874
|
+
own('paramsSerializer')
|
|
853
875
|
).replace(/^\?/, '');
|
|
854
876
|
} catch (err) {
|
|
855
|
-
|
|
856
|
-
|
|
857
|
-
|
|
858
|
-
|
|
859
|
-
|
|
877
|
+
return reject(
|
|
878
|
+
AxiosError.from(err, AxiosError.ERR_BAD_REQUEST, config, null, null, {
|
|
879
|
+
url: own('url'),
|
|
880
|
+
exists: true
|
|
881
|
+
})
|
|
882
|
+
);
|
|
860
883
|
}
|
|
861
884
|
|
|
862
885
|
headers.set(
|
|
863
886
|
'Accept-Encoding',
|
|
864
|
-
|
|
887
|
+
utils.hasOwnProp(transitional, 'advertiseZstdAcceptEncoding') &&
|
|
888
|
+
transitional.advertiseZstdAcceptEncoding === true ? ACCEPT_ENCODING_WITH_ZSTD : ACCEPT_ENCODING,
|
|
865
889
|
false
|
|
866
890
|
);
|
|
867
891
|
|
|
@@ -871,7 +895,7 @@ export default isHttpAdapterSupported &&
|
|
|
871
895
|
path,
|
|
872
896
|
method: method,
|
|
873
897
|
headers: toByteStringHeaderObject(headers),
|
|
874
|
-
agents: { http:
|
|
898
|
+
agents: { http: httpAgent, https: httpsAgent },
|
|
875
899
|
auth,
|
|
876
900
|
protocol,
|
|
877
901
|
family,
|
|
@@ -883,19 +907,20 @@ export default isHttpAdapterSupported &&
|
|
|
883
907
|
// cacheable-lookup integration hotfix
|
|
884
908
|
!utils.isUndefined(lookup) && (options.lookup = lookup);
|
|
885
909
|
|
|
886
|
-
if (
|
|
887
|
-
if (typeof
|
|
910
|
+
if (socketPath) {
|
|
911
|
+
if (typeof socketPath !== 'string') {
|
|
888
912
|
return reject(
|
|
889
913
|
new AxiosError('socketPath must be a string', AxiosError.ERR_BAD_OPTION_VALUE, config)
|
|
890
914
|
);
|
|
891
915
|
}
|
|
892
916
|
|
|
893
|
-
|
|
894
|
-
|
|
895
|
-
|
|
896
|
-
|
|
917
|
+
const allowedSocketPaths = own('allowedSocketPaths');
|
|
918
|
+
if (allowedSocketPaths != null) {
|
|
919
|
+
const allowed = Array.isArray(allowedSocketPaths)
|
|
920
|
+
? allowedSocketPaths
|
|
921
|
+
: [allowedSocketPaths];
|
|
897
922
|
|
|
898
|
-
const resolvedSocket = resolvePath(
|
|
923
|
+
const resolvedSocket = resolvePath(socketPath);
|
|
899
924
|
const isAllowed = allowed.some(
|
|
900
925
|
(entry) => typeof entry === 'string' && resolvePath(entry) === resolvedSocket
|
|
901
926
|
);
|
|
@@ -903,7 +928,7 @@ export default isHttpAdapterSupported &&
|
|
|
903
928
|
if (!isAllowed) {
|
|
904
929
|
return reject(
|
|
905
930
|
new AxiosError(
|
|
906
|
-
`socketPath "${
|
|
931
|
+
`socketPath "${socketPath}" is not permitted by allowedSocketPaths`,
|
|
907
932
|
AxiosError.ERR_BAD_OPTION_VALUE,
|
|
908
933
|
config
|
|
909
934
|
)
|
|
@@ -911,7 +936,7 @@ export default isHttpAdapterSupported &&
|
|
|
911
936
|
}
|
|
912
937
|
}
|
|
913
938
|
|
|
914
|
-
options.socketPath =
|
|
939
|
+
options.socketPath = socketPath;
|
|
915
940
|
} else {
|
|
916
941
|
options.hostname = parsed.hostname.startsWith('[')
|
|
917
942
|
? parsed.hostname.slice(1, -1)
|
|
@@ -919,19 +944,25 @@ export default isHttpAdapterSupported &&
|
|
|
919
944
|
options.port = parsed.port;
|
|
920
945
|
setProxy(
|
|
921
946
|
options,
|
|
922
|
-
|
|
947
|
+
configProxy,
|
|
923
948
|
protocol + '//' + parsed.hostname + (parsed.port ? ':' + parsed.port : '') + options.path,
|
|
924
949
|
false,
|
|
925
|
-
|
|
950
|
+
httpsAgent,
|
|
951
|
+
httpAgent
|
|
926
952
|
);
|
|
927
953
|
}
|
|
928
954
|
let transport;
|
|
929
955
|
let isNativeTransport = false;
|
|
956
|
+
// True only for the follow-redirects transport, which applies
|
|
957
|
+
// options.maxBodyLength itself. Every other transport (http2, native
|
|
958
|
+
// http/https, a user-supplied custom transport) needs the explicit
|
|
959
|
+
// byte-counting pipeline below to enforce maxBodyLength on streamed uploads.
|
|
960
|
+
let transportEnforcesMaxBodyLength = false;
|
|
930
961
|
const isHttpsRequest = isHttps.test(options.protocol);
|
|
931
962
|
// Don't clobber a CONNECT-tunneling agent installed by setProxy() for an
|
|
932
963
|
// HTTPS target.
|
|
933
964
|
if (options.agent == null) {
|
|
934
|
-
options.agent = isHttpsRequest ?
|
|
965
|
+
options.agent = isHttpsRequest ? httpsAgent : httpAgent;
|
|
935
966
|
}
|
|
936
967
|
|
|
937
968
|
if (isHttp2) {
|
|
@@ -940,25 +971,85 @@ export default isHttpAdapterSupported &&
|
|
|
940
971
|
const configTransport = own('transport');
|
|
941
972
|
if (configTransport) {
|
|
942
973
|
transport = configTransport;
|
|
943
|
-
} else if (
|
|
974
|
+
} else if (maxRedirects === 0) {
|
|
944
975
|
transport = isHttpsRequest ? https : http;
|
|
945
976
|
isNativeTransport = true;
|
|
946
977
|
} else {
|
|
947
|
-
|
|
948
|
-
|
|
978
|
+
transportEnforcesMaxBodyLength = true;
|
|
979
|
+
options.sensitiveHeaders = [];
|
|
980
|
+
if (maxRedirects) {
|
|
981
|
+
options.maxRedirects = maxRedirects;
|
|
949
982
|
}
|
|
950
983
|
const configBeforeRedirect = own('beforeRedirect');
|
|
951
984
|
if (configBeforeRedirect) {
|
|
952
985
|
options.beforeRedirects.config = configBeforeRedirect;
|
|
953
986
|
}
|
|
987
|
+
if (auth) {
|
|
988
|
+
// Restore HTTP Basic credentials on same-origin redirects only.
|
|
989
|
+
// follow-redirects >= 1.15.8 strips Authorization on every redirect (see #6929);
|
|
990
|
+
// cross-origin stripping is the documented mitigation for T-R2 in THREATMODEL.md
|
|
991
|
+
// and is preserved by deliberately not restoring on origin change.
|
|
992
|
+
const requestOrigin = parsed.origin;
|
|
993
|
+
const authToRestore = auth;
|
|
994
|
+
options.beforeRedirects.auth = function beforeRedirectAuth(redirectOptions) {
|
|
995
|
+
try {
|
|
996
|
+
if (new URL(redirectOptions.href).origin === requestOrigin) {
|
|
997
|
+
redirectOptions.auth = authToRestore;
|
|
998
|
+
}
|
|
999
|
+
} catch (e) {
|
|
1000
|
+
// ignore malformed URL: leaving auth stripped is fail-safe
|
|
1001
|
+
}
|
|
1002
|
+
};
|
|
1003
|
+
}
|
|
1004
|
+
const sensitiveHeaders = own('sensitiveHeaders');
|
|
1005
|
+
if (sensitiveHeaders != null) {
|
|
1006
|
+
if (!utils.isArray(sensitiveHeaders)) {
|
|
1007
|
+
return reject(
|
|
1008
|
+
new AxiosError(
|
|
1009
|
+
'sensitiveHeaders must be an array of strings',
|
|
1010
|
+
AxiosError.ERR_BAD_OPTION_VALUE,
|
|
1011
|
+
config
|
|
1012
|
+
)
|
|
1013
|
+
);
|
|
1014
|
+
}
|
|
1015
|
+
|
|
1016
|
+
const sensitiveSet = new Set();
|
|
1017
|
+
for (const header of sensitiveHeaders) {
|
|
1018
|
+
if (!utils.isString(header)) {
|
|
1019
|
+
return reject(
|
|
1020
|
+
new AxiosError(
|
|
1021
|
+
'sensitiveHeaders must be an array of strings',
|
|
1022
|
+
AxiosError.ERR_BAD_OPTION_VALUE,
|
|
1023
|
+
config
|
|
1024
|
+
)
|
|
1025
|
+
);
|
|
1026
|
+
}
|
|
1027
|
+
|
|
1028
|
+
sensitiveSet.add(header.toLowerCase());
|
|
1029
|
+
}
|
|
1030
|
+
|
|
1031
|
+
if (sensitiveSet.size) {
|
|
1032
|
+
options.sensitiveHeaders = Array.from(sensitiveSet);
|
|
1033
|
+
options.beforeRedirects.sensitiveHeaders = function beforeRedirectSensitiveHeaders(
|
|
1034
|
+
redirectOptions,
|
|
1035
|
+
requestDetails
|
|
1036
|
+
) {
|
|
1037
|
+
if (!isSameOriginRedirect(redirectOptions, requestDetails)) {
|
|
1038
|
+
stripMatchingHeaders(redirectOptions.headers, sensitiveSet);
|
|
1039
|
+
}
|
|
1040
|
+
};
|
|
1041
|
+
}
|
|
1042
|
+
}
|
|
954
1043
|
transport = isHttpsRequest ? httpsFollow : httpFollow;
|
|
955
1044
|
}
|
|
956
1045
|
}
|
|
957
1046
|
|
|
958
|
-
|
|
959
|
-
|
|
1047
|
+
// Set an explicit maxBodyLength option for transports that inspect it.
|
|
1048
|
+
// When maxBodyLength is -1 (default/unlimited), use Infinity so
|
|
1049
|
+
// follow-redirects does not fall back to its own 10MB default.
|
|
1050
|
+
if (maxBodyLength > -1) {
|
|
1051
|
+
options.maxBodyLength = maxBodyLength;
|
|
960
1052
|
} else {
|
|
961
|
-
// follow-redirects does not skip comparison, so it should always succeed for axios -1 unlimited
|
|
962
1053
|
options.maxBodyLength = Infinity;
|
|
963
1054
|
}
|
|
964
1055
|
|
|
@@ -1004,7 +1095,7 @@ export default isHttpAdapterSupported &&
|
|
|
1004
1095
|
const lastRequest = res.req || req;
|
|
1005
1096
|
|
|
1006
1097
|
// if decompress disabled we should not decompress
|
|
1007
|
-
if (
|
|
1098
|
+
if (decompress !== false && res.headers['content-encoding']) {
|
|
1008
1099
|
// if no content, but headers still say that it is encoded,
|
|
1009
1100
|
// remove the header not confuse downstream operations
|
|
1010
1101
|
if (method === 'HEAD' || res.statusCode === 204) {
|
|
@@ -1037,6 +1128,13 @@ export default isHttpAdapterSupported &&
|
|
|
1037
1128
|
streams.push(zlib.createBrotliDecompress(brotliOptions));
|
|
1038
1129
|
delete res.headers['content-encoding'];
|
|
1039
1130
|
}
|
|
1131
|
+
break;
|
|
1132
|
+
case 'zstd':
|
|
1133
|
+
if (isZstdSupported) {
|
|
1134
|
+
streams.push(zlib.createZstdDecompress(zstdOptions));
|
|
1135
|
+
delete res.headers['content-encoding'];
|
|
1136
|
+
}
|
|
1137
|
+
break;
|
|
1040
1138
|
}
|
|
1041
1139
|
}
|
|
1042
1140
|
|
|
@@ -1053,8 +1151,8 @@ export default isHttpAdapterSupported &&
|
|
|
1053
1151
|
if (responseType === 'stream') {
|
|
1054
1152
|
// Enforce maxContentLength on streamed responses; previously this
|
|
1055
1153
|
// was applied only to buffered responses.
|
|
1056
|
-
if (
|
|
1057
|
-
const limit =
|
|
1154
|
+
if (maxContentLength > -1) {
|
|
1155
|
+
const limit = maxContentLength;
|
|
1058
1156
|
const source = responseStream;
|
|
1059
1157
|
async function* enforceMaxContentLength() {
|
|
1060
1158
|
let totalResponseBytes = 0;
|
|
@@ -1086,13 +1184,13 @@ export default isHttpAdapterSupported &&
|
|
|
1086
1184
|
totalResponseBytes += chunk.length;
|
|
1087
1185
|
|
|
1088
1186
|
// make sure the content length is not over the maxContentLength if specified
|
|
1089
|
-
if (
|
|
1187
|
+
if (maxContentLength > -1 && totalResponseBytes > maxContentLength) {
|
|
1090
1188
|
// stream.destroy() emit aborted event before calling reject() on Node.js v16
|
|
1091
1189
|
rejected = true;
|
|
1092
1190
|
responseStream.destroy();
|
|
1093
1191
|
abort(
|
|
1094
1192
|
new AxiosError(
|
|
1095
|
-
'maxContentLength size of ' +
|
|
1193
|
+
'maxContentLength size of ' + maxContentLength + ' exceeded',
|
|
1096
1194
|
AxiosError.ERR_BAD_RESPONSE,
|
|
1097
1195
|
config,
|
|
1098
1196
|
lastRequest
|
|
@@ -1174,7 +1272,11 @@ export default isHttpAdapterSupported &&
|
|
|
1174
1272
|
|
|
1175
1273
|
req.on('socket', function handleRequestSocket(socket) {
|
|
1176
1274
|
// default interval of sending ack packet is 1 minute
|
|
1177
|
-
|
|
1275
|
+
// proxy agents (e.g. agent-base) may return a generic Duplex stream
|
|
1276
|
+
// that doesn't have setKeepAlive, so guard before calling
|
|
1277
|
+
if (typeof socket.setKeepAlive === 'function') {
|
|
1278
|
+
socket.setKeepAlive(true, 1000 * 60);
|
|
1279
|
+
}
|
|
1178
1280
|
|
|
1179
1281
|
// Install a single 'error' listener per socket (not per request) to avoid
|
|
1180
1282
|
// accumulating listeners on pooled keep-alive sockets that get reassigned
|
|
@@ -1207,9 +1309,9 @@ export default isHttpAdapterSupported &&
|
|
|
1207
1309
|
});
|
|
1208
1310
|
|
|
1209
1311
|
// Handle request timeout
|
|
1210
|
-
if (
|
|
1312
|
+
if (own('timeout')) {
|
|
1211
1313
|
// This is forcing a int timeout to avoid problems if the `req` interface doesn't handle other types.
|
|
1212
|
-
const timeout = parseInt(
|
|
1314
|
+
const timeout = parseInt(own('timeout'), 10);
|
|
1213
1315
|
|
|
1214
1316
|
if (Number.isNaN(timeout)) {
|
|
1215
1317
|
abort(
|
|
@@ -1267,12 +1369,13 @@ export default isHttpAdapterSupported &&
|
|
|
1267
1369
|
}
|
|
1268
1370
|
});
|
|
1269
1371
|
|
|
1270
|
-
// Enforce maxBodyLength for streamed uploads on
|
|
1271
|
-
//
|
|
1272
|
-
//
|
|
1372
|
+
// Enforce maxBodyLength for streamed uploads on every transport that
|
|
1373
|
+
// does not apply options.maxBodyLength itself (native http/https, http2,
|
|
1374
|
+
// and user-supplied custom transports). The follow-redirects transport
|
|
1375
|
+
// enforces it on the redirected HTTP/1 path.
|
|
1273
1376
|
let uploadStream = data;
|
|
1274
|
-
if (
|
|
1275
|
-
const limit =
|
|
1377
|
+
if (maxBodyLength > -1 && !transportEnforcesMaxBodyLength) {
|
|
1378
|
+
const limit = maxBodyLength;
|
|
1276
1379
|
let bytesSent = 0;
|
|
1277
1380
|
uploadStream = stream.pipeline(
|
|
1278
1381
|
[
|
|
@@ -1310,3 +1413,5 @@ export default isHttpAdapterSupported &&
|
|
|
1310
1413
|
};
|
|
1311
1414
|
|
|
1312
1415
|
export const __setProxy = setProxy;
|
|
1416
|
+
export const __isNodeEnvProxyEnabled = isNodeEnvProxyEnabled;
|
|
1417
|
+
export const __isSameOriginRedirect = isSameOriginRedirect;
|