mirror of
https://github.com/kremalicious/metamask-extension.git
synced 2024-11-23 02:10:12 +01:00
dacdaf031c
* security: patch request for CVE-2023-28155 GHSA-p8p7-x288-28g6 Ported from https://github.com/request/request/pull/3444 * add iyarc exclusion
32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
diff --git a/lib/redirect.js b/lib/redirect.js
|
|
index b9150e77c73d63367845c0aec15b5684d900943f..2864f9f2abc481ecf2b2dd96b1293f5b93393efd 100644
|
|
--- a/lib/redirect.js
|
|
+++ b/lib/redirect.js
|
|
@@ -14,6 +14,7 @@ function Redirect (request) {
|
|
this.redirects = []
|
|
this.redirectsFollowed = 0
|
|
this.removeRefererHeader = false
|
|
+ this.allowInsecureRedirect = false
|
|
}
|
|
|
|
Redirect.prototype.onRequest = function (options) {
|
|
@@ -40,6 +41,9 @@ Redirect.prototype.onRequest = function (options) {
|
|
if (options.followOriginalHttpMethod !== undefined) {
|
|
self.followOriginalHttpMethod = options.followOriginalHttpMethod
|
|
}
|
|
+ if (options.allowInsecureRedirect !== undefined) {
|
|
+ self.allowInsecureRedirect = options.allowInsecureRedirect
|
|
+ }
|
|
}
|
|
|
|
Redirect.prototype.redirectTo = function (response) {
|
|
@@ -108,7 +112,7 @@ Redirect.prototype.onResponse = function (response) {
|
|
request.uri = url.parse(redirectTo)
|
|
|
|
// handle the case where we change protocol from https to http or vice versa
|
|
- if (request.uri.protocol !== uriPrev.protocol) {
|
|
+ if (request.uri.protocol !== uriPrev.protocol && self.allowInsecureRedirect) {
|
|
delete request.agent
|
|
}
|
|
|