Skip to content

Custom request headers #636

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
nleush merged 15 commits into from
Mar 30, 2026
Merged

Custom request headers #636

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
5a37f61
make async `prepareRequestOptions`
nleush Mar 17, 2026
d3d7880
get custom request headers with `options.getSigHeaders`
nleush Mar 17, 2026
20c32e0
request custom headers when `options.sig`
nleush Mar 17, 2026
8c808be
catch error in `getSigHeaders`
nleush Mar 17, 2026
ef29526
log getSigHeaders error
nleush Mar 18, 2026
efc0b64
update user agent workaround
nleush Mar 25, 2026
f5189bf
tests: allow use getSigHeaders
nleush Mar 25, 2026
e6dfc31
use getSigHeaders
nleush Mar 25, 2026
7710f78
debugger: use `getSigHeaders`
nleush Mar 25, 2026
fa530a2
bugfix import
nleush Mar 25, 2026
8037430
bugfix `options undefined`
nleush Mar 26, 2026
5e5afc1
fix user agent assign priority
nleush Mar 26, 2026
797cb5e
Update audit.log
nleush Mar 30, 2026
c899d21
remove debug log
nleush Mar 30, 2026
3cec7ea
remove debug log
nleush Mar 30, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 72 additions & 1 deletion audit.log
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,72 @@
No known vulnerabilities found
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ high │ path-to-regexp vulnerable to Denial of Service via │
│ │ sequential optional groups │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ path-to-regexp │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=8.0.0 <8.4.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=8.4.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ .>express>router>path-to-regexp │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-j3q9-mxjg-w52f │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ Serialize JavaScript has CPU Exhaustion Denial of │
│ │ Service via crafted array-like objects │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ serialize-javascript │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ <7.0.5 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=7.0.5 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ .>mocha>serialize-javascript │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-qj8w-gfj5-8c6v │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ brace-expansion: Zero-step sequence causes process │
│ │ hang and memory exhaustion │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=2.0.0 <2.0.3 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=2.0.3 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ .>mocha>minimatch>brace-expansion │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-f886-m6hf-6m8v │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ brace-expansion: Zero-step sequence causes process │
│ │ hang and memory exhaustion │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ brace-expansion │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=4.0.0 <5.0.5 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=5.0.5 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ .>mocha>glob>minimatch>brace-expansion │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-f886-m6hf-6m8v │
└─────────────────────┴────────────────────────────────────────────────────────┘
┌─────────────────────┬────────────────────────────────────────────────────────┐
│ moderate │ path-to-regexp vulnerable to Regular Expression Denial │
│ │ of Service via multiple wildcards │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Package │ path-to-regexp │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Vulnerable versions │ >=8.0.0 <8.4.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Patched versions │ >=8.4.0 │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ Paths │ .>express>router>path-to-regexp │
├─────────────────────┼────────────────────────────────────────────────────────┤
│ More info │ https://github.com/advisories/GHSA-27v5-c462-wpq7 │
└─────────────────────┴────────────────────────────────────────────────────────┘
5 vulnerabilities found
Severity: 4 moderate | 1 high
8 changes: 2 additions & 6 deletions lib/request.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -152,17 +152,13 @@ export default function(options, iframely_options, callback) {
});
}

if (!options.headers || !options.headers['User-Agent']) {
options.headers = options.headers || {};
options.headers['User-Agent'] = CONFIG.USER_AGENT;
}

iframely_options.registerFetch({
source: 'api',
url: options.uri
});

fetchData(utils.prepareRequestOptions(options, iframely_options))
utils.prepareRequestOptions(options, iframely_options)
.then(request_options => fetchData(request_options))
.then(result => {
finish(null, result);
})
Expand Down
Loading
Loading