changes

Sampaguitas · Sampaguitas · commit 2d822ad72b07 · 2022-02-17T17:59:46.000+04:00
diff --git a/test/leak.test.js b/test/leak.test.js
@@ -0,0 +1,37 @@
+'use strict';
+
+var request = require('../').defaults({ json: true });;
+var t = require('chai').assert;
+
+describe('Information Leak', function () {
+
+    it('should not forward cookie headers when the request has a redirect', function (done) {
+
+        request({
+            url: 'https://httpbingo.org/cookies?url=https://google.com/',
+            headers: {
+                'Content-Type': 'application/json',
+                'cookie': 'ajs_anonymous_id=1234567890',
+                'authorization': 'Bearer eyJhb12345abcdef'
+            }
+        }, function (err, response, body) {
+            t.strictEqual(Object.keys(body).length, 0);
+            done();
+        });
+    });
+
+    it('should not forward authorization headers when the request has a redirect', function (done) {
+
+        request({
+            url: 'https://httpbingo.org/bearer?url=https://google.com/',
+            headers: {
+                'Content-Type': 'application/json',
+                'cookie': 'ajs_anonymous_id=1234567890',
+                'authorization': 'Bearer eyJhb12345abcdef'
+            }
+        }, function (err, response, body) {
+            t.strictEqual(body, undefined);
+            done();
+        });
+    });
+});
