File CVE-2024-30260-undici-clear-proxy-authorization... of Package electron_enable-additional-archs

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2024-30260-undici-clear-proxy-authorization.patch of Package electron_enable-additional-archs

Manual backport of https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75

--- src/third_party/electron_node/deps/undici/src/lib/handler/RedirectHandler.js.old	2024-04-04 09:55:39.696980900 +0000
+++ src/third_party/electron_node/deps/undici/src/lib/handler/RedirectHandler.js	2024-04-09 16:52:37.888616200 +0000
@@ -188,7 +188,8 @@ function shouldRemoveHeader (header, rem
     (header.length === 4 && header.toString().toLowerCase() === 'host') ||
     (removeContent && header.toString().toLowerCase().indexOf('content-') === 0) ||
     (unknownOrigin && header.length === 13 && header.toString().toLowerCase() === 'authorization') ||
-    (unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie')
+    (unknownOrigin && header.length === 6 && header.toString().toLowerCase() === 'cookie') ||
+    (unknownOrigin && header.length === 19 && header.toString().toLowerCase() === 'proxy-authorization')
   )
 }
 
--- src/third_party/electron_node/deps/undici/undici.js.old	2024-04-04 10:02:38.059765300 +0000
+++ src/third_party/electron_node/deps/undici/undici.js	2024-04-09 16:51:15.754041100 +0000
@@ -7902,7 +7902,7 @@ var require_RedirectHandler = __commonJS
     }
     __name(parseLocation, "parseLocation");
     function shouldRemoveHeader(header, removeContent, unknownOrigin) {
-      return header.length === 4 && header.toString().toLowerCase() === "host" || removeContent && header.toString().toLowerCase().indexOf("content-") === 0 || unknownOrigin && header.length === 13 && header.toString().toLowerCase() === "authorization" || unknownOrigin && header.length === 6 && header.toString().toLowerCase() === "cookie";
+      return header.length === 4 && header.toString().toLowerCase() === "host" || removeContent && header.toString().toLowerCase().indexOf("content-") === 0 || unknownOrigin && header.length === 13 && header.toString().toLowerCase() === "authorization" || unknownOrigin && header.length === 6 && header.toString().toLowerCase() === "cookie" || unknownOrigin && header.length === 19 && header.toString().toLowerCase() === "proxy-authorization"
     }
     __name(shouldRemoveHeader, "shouldRemoveHeader");
     function cleanRequestHeaders(headers, removeContent, unknownOrigin) {

Places

File CVE-2024-30260-undici-clear-proxy-authorization.patch of Package electron_enable-additional-archs

Places