From 0e36aeb421997948ef5d5170fa8d9b50d25b852d Mon Sep 17 00:00:00 2001
From: Elias Meire <elias@meire.dev>
Date: Tue, 20 Feb 2024 13:23:36 +0100
Subject: [PATCH] fix(core): Apply correct hostname to redirected requests
 (#8674)

---
 packages/core/src/NodeExecuteFunctions.ts | 38 +++++++++++++----------
 1 file changed, 22 insertions(+), 16 deletions(-)

diff --git a/packages/core/src/NodeExecuteFunctions.ts b/packages/core/src/NodeExecuteFunctions.ts
index 3129e964b8650..3d027a05b8971 100644
--- a/packages/core/src/NodeExecuteFunctions.ts
+++ b/packages/core/src/NodeExecuteFunctions.ts
@@ -252,6 +252,24 @@ const getHostFromRequestObject = (
 	}
 };
 
+const getBeforeRedirectFn =
+	(agentOptions: AgentOptions, axiosConfig: AxiosRequestConfig) =>
+	(redirectedRequest: Record<string, any>) => {
+		const redirectAgent = new Agent({
+			...agentOptions,
+			servername: redirectedRequest.hostname,
+		});
+		redirectedRequest.agent = redirectAgent;
+		redirectedRequest.agents.https = redirectAgent;
+
+		if (axiosConfig.headers?.Authorization) {
+			redirectedRequest.headers.Authorization = axiosConfig.headers.Authorization;
+		}
+		if (axiosConfig.auth) {
+			redirectedRequest.auth = `${axiosConfig.auth.username}:${axiosConfig.auth.password}`;
+		}
+	};
+
 export async function parseRequestObject(requestObject: IRequestOptions) {
 	// This function is a temporary implementation
 	// That translates all http requests done via
@@ -475,22 +493,6 @@ export async function parseRequestObject(requestObject: IRequestOptions) {
 		axiosConfig.maxRedirects = 0;
 	}
 
-	axiosConfig.beforeRedirect = (redirectedRequest) => {
-		if (axiosConfig.headers?.Authorization) {
-			redirectedRequest.headers.Authorization = axiosConfig.headers.Authorization;
-		}
-		if (axiosConfig.auth) {
-			redirectedRequest.auth = `${axiosConfig.auth.username}:${axiosConfig.auth.password}`;
-		}
-	};
-
-	if (requestObject.rejectUnauthorized === false) {
-		axiosConfig.httpsAgent = new Agent({
-			rejectUnauthorized: false,
-			secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT,
-		});
-	}
-
 	const host = getHostFromRequestObject(requestObject);
 	const agentOptions: AgentOptions = {};
 	if (host) {
@@ -502,6 +504,8 @@ export async function parseRequestObject(requestObject: IRequestOptions) {
 	}
 	axiosConfig.httpsAgent = new Agent(agentOptions);
 
+	axiosConfig.beforeRedirect = getBeforeRedirectFn(agentOptions, axiosConfig);
+
 	if (requestObject.timeout !== undefined) {
 		axiosConfig.timeout = requestObject.timeout;
 	}
@@ -894,6 +898,8 @@ function convertN8nRequestToAxios(n8nRequest: IHttpRequestOptions): AxiosRequest
 	}
 	axiosRequest.httpsAgent = new Agent(agentOptions);
 
+	axiosRequest.beforeRedirect = getBeforeRedirectFn(agentOptions, axiosRequest);
+
 	if (n8nRequest.arrayFormat !== undefined) {
 		axiosRequest.paramsSerializer = (params) => {
 			return stringify(params, { arrayFormat: n8nRequest.arrayFormat });