Skip to content

Commit

Permalink
fix: harden checks for cookies in error responses (#252)
Browse files Browse the repository at this point in the history
This commit adds a couple of checks to avoid
problems while handling cookies found in error responses.

Signed-off-by: Phil Adams <phil_adams@us.ibm.com>
  • Loading branch information
padamstx authored Sep 27, 2023
1 parent 9788d56 commit 36f7bfe
Showing 1 changed file with 18 additions and 14 deletions.
32 changes: 18 additions & 14 deletions lib/cookie-support.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ import logger from './logger';
const internalCreateCookieInterceptor = (cookieJar: CookieJar) => {
/**
* This is called by Axios when a request is about to be sent in order to
* copy the cookie string from the URL to a request header.
* set the "cookie" header in the request.
*
* @param config the Axios request config
* @returns the request config
Expand Down Expand Up @@ -54,33 +54,37 @@ const internalCreateCookieInterceptor = (cookieJar: CookieJar) => {
*/
async function responseInterceptor(response: AxiosResponse) {
logger.debug('CookieInterceptor: intercepting response to check for set-cookie headers.');
const cookies: string[] = response.headers['set-cookie'];
if (cookies) {
logger.debug(`CookieInterceptor: setting cookies in jar for URL ${response.config.url}.`);
// Write cookies sequentially by chaining the promises in a reduce
await cookies.reduce(
(cookiePromise: Promise<Cookie>, cookie: string) =>
cookiePromise.then(() => cookieJar.setCookie(cookie, response.config.url)),
Promise.resolve(null)
);
if (response && response.headers) {
const cookies: string[] = response.headers['set-cookie'];
if (cookies) {
logger.debug(`CookieInterceptor: setting cookies in jar for URL ${response.config.url}.`);
// Write cookies sequentially by chaining the promises in a reduce
await cookies.reduce(
(cookiePromise: Promise<Cookie>, cookie: string) =>
cookiePromise.then(() => cookieJar.setCookie(cookie, response.config.url)),
Promise.resolve(null)
);
} else {
logger.debug('CookieInterceptor: no set-cookie headers.');
}
} else {
logger.debug('CookieInterceptor: no set-cookie headers.');
logger.debug('CookieInterceptor: no response headers.');
}

return response;
}

/**
* This is called by Axios when a non-2xx response has been received.
* We'll simply invoke the "responseFulfilled" method since we want to
* do the same cookie handler as for a success response.
* We'll simply delegate to the "responseInterceptor" method since we want to
* do the same cookie handling as for a success response.
* @param error the Axios error object that describes the non-2xx response
* @returns the error object
*/
async function responseRejected(error: any) {
logger.debug('CookieIntercepter: intercepting error response');

if (isAxiosError(error)) {
if (isAxiosError(error) && error.response) {
logger.debug('CookieIntercepter: delegating to responseInterceptor()');
await responseInterceptor(error.response);
} else {
Expand Down

0 comments on commit 36f7bfe

Please sign in to comment.