
Commit d02d61a

authored
fix: normalize HTTP headers (#858)
Lowercase all header names in request options of http.js and improve resilience against no headers existing
1 parent f1ec62d commit d02d61a


1 file changed

+20
-17
lines changed


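--- a/lib/util/http.js
+++ b/lib/util/http.js
@@ -37,6 +37,11 @@ request = request.defaults({
 **/
 
 function http (url, opt) {
+if (opt?.headers) {
+opt.headers = Object.fromEntries(
+Object.entries(opt.headers).map(([k, v]) => [k.toLowerCase(), v])
+)
+}
 if (opt && !opt.jar && Object.keys(opt).indexOf('jar') > -1) {
 opt.jar = options.jar
 }
@@ -82,26 +87,24 @@ exports.func = function (args) {
 return follow
 }
 return http(args.url, opt).then(function (res) {
-if (opt && opt.headers && opt.headers['X-CSRF-TOKEN']) {
-if (res.statusCode === 403 && res.headers['X-CSRF-TOKEN']) {
-if (depth >= 2) {
-throw new Error('Tried ' + (depth + 1) + ' times and could not refresh XCSRF token successfully')
-}
+if (res.statusCode === 403 && res.headers['x-csrf-token'] && Object.hasOwn(opt.headers ?? {}, 'x-csrf-token')) {
+if (depth >= 2) {
+throw new Error('Tried ' + (depth + 1) + ' times and could not refresh XCSRF token successfully')
+}
 
-const token = res.headers['x-csrf-token']
+const token = res.headers['x-csrf-token']
 
-if (token) {
-opt.headers['X-CSRF-TOKEN'] = token
-opt.jar = jar
-args.depth = depth + 1
-return exports.func(args)
-} else {
-throw new Error('Could not refresh X-CSRF-TOKEN')
-}
+if (token) {
+opt.headers['x-csrf-token'] = token
+opt.jar = jar
+args.depth = depth + 1
+return exports.func(args)
 } else {
-if (depth > 0) {
-cache.add(options.cache, 'XCSRF', getHash({ jar }), opt.headers['X-CSRF-TOKEN'])
-}
+throw new Error('Could not refresh X-CSRF-TOKEN')
+}
+} else {
+if (depth > 0) {
+cache.add(options.cache, 'XCSRF', getHash({ jar }), opt.headers['x-csrf-token'])
 }
 }
 if (res.statusCode === 302 && !args.ignoreLoginError && res.headers.location && (res.headers.location.startsWith('https://www.roblox.com/newlogin') || res.headers.location.startsWith('/Login/Default.aspx'))) {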
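Review bot: The new 403 condition in `exports.func` reads `opt.headers` without the `opt &&` guard the removed line had, so if `opt` can be undefined at this point (not visible in the hunk, though `http()` still allows for it with `opt?.headers`) a 403 that carries `x-csrf-token` would throw a TypeError instead of falling through. The relocated `cache.add(...)` branch has the same exposure and now runs for every response that is not a token refresh, reading `opt.headers['x-csrf-token']` whenever `depth > 0`, where before it was reached only when the request had actually sent a token. I would write the condition as `Object.hasOwn(opt?.headers ?? {}, 'x-csrf-token')` and guard the cache write with `if (depth > 0 && opt?.headers?.['x-csrf-token']) {`, so a missing token is never stored under the `XCSRF` key. The check also depends on `http()` having replaced `opt.headers` in place before the `.then` callback runs, which deserves a one-line comment such as `// http() lowercases opt.headers in place; keys below must be lowercase`. The `.then` callback continues past the end of the hunk.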
