fix(security): guard http adapter config reads against prototype pollution

2026-06-17 19:21:29 +03:00 · 2026-04-18 15:15:07 +02:00
parent 70302b6c90
commit 74a05bc336
1 changed files with 12 additions and 4 deletions
@@ -333,8 +333,15 @@ const http2Transport = {
 export default isHttpAdapterSupported &&
  function httpAdapter(config) {
    return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
-      let { data, lookup, family, httpVersion = 1, http2Options } = config;
-      const { responseType, responseEncoding } = config;
+      const own = (key) => (utils.hasOwnProp(config, key) ? config[key] : undefined);
+      let data = own('data');
+      let lookup = own('lookup');
+      let family = own('family');
+      let httpVersion = own('httpVersion');
+      if (httpVersion === undefined) httpVersion = 1;
+      let http2Options = own('http2Options');
+      const responseType = own('responseType');
+      const responseEncoding = own('responseEncoding');
      const method = config.method.toUpperCase();
      let isDone;
      let rejected = false;
@@ -679,8 +686,9 @@ export default isHttpAdapterSupported &&
      if (isHttp2) {
        transport = http2Transport;
      } else {
-        if (config.transport) {
-          transport = config.transport;
+        const configTransport = own('transport');
+        if (configTransport) {
+          transport = configTransport;
        } else if (config.maxRedirects === 0) {
          transport = isHttpsRequest ? https : http;
        } else {