mirror of https://github.com/tenrok/axios.git synced 2026-06-20 20:00:40 +03:00

fix(security): guard http adapter config reads against prototype pollution

Jason Saayman
2026-04-18 15:15:07 +02:00
parent 70302b6c90
commit 74a05bc336
+12 -4
@@ -333,8 +333,15 @@ const http2Transport = {
export default isHttpAdapterSupported && export default isHttpAdapterSupported &&
function httpAdapter(config) { function httpAdapter(config) {
return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) { return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
let { data, lookup, family, httpVersion = 1, http2Options } = config; const own = (key) => (utils.hasOwnProp(config, key) ? config[key] : undefined);
const { responseType, responseEncoding } = config; let data = own('data');
let lookup = own('lookup');
let family = own('family');
let httpVersion = own('httpVersion');
if (httpVersion === undefined) httpVersion = 1;
let http2Options = own('http2Options');
const responseType = own('responseType');
const responseEncoding = own('responseEncoding');
const method = config.method.toUpperCase(); const method = config.method.toUpperCase();
let isDone; let isDone;
let rejected = false; let rejected = false;
@@ -679,8 +686,9 @@ export default isHttpAdapterSupported &&
if (isHttp2) { if (isHttp2) {
transport = http2Transport; transport = http2Transport;
} else { } else {
if (config.transport) { const configTransport = own('transport');
transport = config.transport; if (configTransport) {
transport = configTransport;
} else if (config.maxRedirects === 0) { } else if (config.maxRedirects === 0) {
transport = isHttpsRequest ? https : http; transport = isHttpsRequest ? https : http;
} else { } else {
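Review bot: The guard is only partial in the lines shown: `config.maxRedirects` in the `else if` directly after the new `configTransport` check, and `config.method` at the top of `dispatchHttpRequest`, are still read through the prototype chain. An inherited `maxRedirects` would still influence which transport is selected, so that branch should read `} else if (own('maxRedirects') === 0) {`. The body of `dispatchHttpRequest` runs well beyond both hunks, so any remaining direct `config.*` reads there (and reads of properties inside `http2Options`, which `own` does not cover) presumably need the same audit. A one-line comment above the helper would record the intent, e.g. `// Read own properties only, so values inherited from a polluted Object.prototype are ignored.` The diffstat suggests no test file changed, so a regression test that sets an inherited `transport` and asserts the adapter ignores it would keep the guard from regressing.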