'use strict' var url = require('url') var isUrl = /^https?:/ function Redirect (request) { this.request = request this.followRedirect = true this.followRedirects = true this.followAllRedirects = false this.followOriginalHttpMethod = false this.allowRedirect = function () { return true } this.maxRedirects = 10 this.redirects = [] this.redirectsFollowed = 0 this.removeRefererHeader = false } Redirect.prototype.onRequest = function (options) { var self = this if (options.maxRedirects !== undefined) { self.maxRedirects = options.maxRedirects } if (typeof options.followRedirect === 'function') { self.allowRedirect = options.followRedirect } if (options.followRedirect !== undefined) { self.followRedirects = !!options.followRedirect } if (options.followAllRedirects !== undefined) { self.followAllRedirects = options.followAllRedirects } if (self.followRedirects || self.followAllRedirects) { self.redirects = self.redirects || [] } if (options.removeRefererHeader !== undefined) { self.removeRefererHeader = options.removeRefererHeader } if (options.followOriginalHttpMethod !== undefined) { self.followOriginalHttpMethod = options.followOriginalHttpMethod } } Redirect.prototype.redirectTo = function (response) { var self = this var request = self.request var redirectTo = null if (response.statusCode >= 300 && response.statusCode < 400 && response.caseless.has('location')) { var location = response.caseless.get('location') request.debug('redirect', location) if (self.followAllRedirects) { redirectTo = location } else if (self.followRedirects) { switch (request.method) { case 'PATCH': case 'PUT': case 'POST': case 'DELETE': // Do not follow redirects break default: redirectTo = location break } } } else if (response.statusCode === 401) { var authHeader = request._auth.onResponse(response) if (authHeader) { request.setHeader('authorization', authHeader) redirectTo = request.uri } } return redirectTo } Redirect.prototype.onResponse = function (response) { var self = this var request = self.request var redirectTo = self.redirectTo(response) if (!redirectTo || !self.allowRedirect.call(request, response)) { return false } request.debug('redirect to', redirectTo) // ignore any potential response body. it cannot possibly be useful // to us at this point. // response.resume should be defined, but check anyway before calling. Workaround for browserify. if (response.resume) { response.resume() } if (self.redirectsFollowed >= self.maxRedirects) { request.emit('error', new Error('Exceeded maxRedirects. Probably stuck in a redirect loop ' + request.uri.href)) return false } self.redirectsFollowed += 1 if (!isUrl.test(redirectTo)) { redirectTo = url.resolve(request.uri.href, redirectTo) } var uriPrev = request.uri request.uri = url.parse(redirectTo) // handle the case where we change protocol from https to http or vice versa if (request.uri.protocol !== uriPrev.protocol) { delete request.agent } self.redirects.push({ statusCode: response.statusCode, redirectUri: redirectTo }) if (self.followAllRedirects && request.method !== 'HEAD' && response.statusCode !== 401 && response.statusCode !== 307) { request.method = self.followOriginalHttpMethod ? request.method : 'GET' } // request.method = 'GET' // Force all redirects to use GET || commented out fixes #215 delete request.src delete request.req delete request._started if (response.statusCode !== 401 && response.statusCode !== 307) { // Remove parameters from the previous response, unless this is the second request // for a server that requires digest authentication. delete request.body delete request._form if (request.headers) { request.removeHeader('host') request.removeHeader('content-type') request.removeHeader('content-length') if (request.uri.hostname !== request.originalHost.split(':')[0]) { // Remove authorization if changing hostnames (but not if just // changing ports or protocols). This matches the behavior of curl: // https://github.com/bagder/curl/blob/6beb0eee/lib/http.c#L710 request.removeHeader('authorization') } } } if (!self.removeRefererHeader) { request.setHeader('referer', uriPrev.href) } request.emit('redirect') request.init() return true } exports.Redirect = Redirect