Skip sending the proxyReq event when the expect header is present (#1447)

* Skip sending the proxyReq event when the expect header is present * Adjust padding to match advisory Co-authored-by: Smylnycky, Jason M <jason.smylnycky@cengage.com>
2025-12-08 20:59:18 +00:00 · 2020-05-17 17:18:42 -04:00 · 2020-05-17 17:18:42 -04:00 · 335aeeba2f
commit 335aeeba2f
parent dba39668ba
2 changed files with 47 additions and 1 deletions
--- a/lib/http-proxy/passes/web-incoming.js
+++ b/lib/http-proxy/passes/web-incoming.js
@ -129,7 +129,9 @@ module.exports = {

    // Enable developers to modify the proxyReq before headers are sent
    proxyReq.on('socket', function(socket) {
-      if(server) { server.emit('proxyReq', proxyReq, req, res, options); }
+      if(server && !proxyReq.getHeader('expect')) {
+        server.emit('proxyReq', proxyReq, req, res, options);
+      }
    });

    // allow outgoing socket to timeout so that we could
--- a/test/lib-http-proxy-passes-web-incoming-test.js
+++ b/test/lib-http-proxy-passes-web-incoming-test.js
@ -126,6 +126,50 @@ describe('#createProxyServer.web() using own http server', function () {
    http.request('http://127.0.0.1:8081', function() {}).end();
  });

+  it('should skip proxyReq event when handling a request with header "expect: 100-continue" [https://www.npmjs.com/advisories/1486]', function (done) {
+    var proxy = httpProxy.createProxyServer({
+      target: 'http://127.0.0.1:8080',
+    });
+
+    proxy.on('proxyReq', function(proxyReq, req, res, options) {
+      proxyReq.setHeader('X-Special-Proxy-Header', 'foobar');
+    });
+
+    function requestHandler(req, res) {
+      proxy.web(req, res);
+    }
+
+    var proxyServer = http.createServer(requestHandler);
+
+    var source = http.createServer(function(req, res) {
+      source.close();
+      proxyServer.close();
+      expect(req.headers['x-special-proxy-header']).to.not.eql('foobar');
+      done();
+    });
+
+    proxyServer.listen('8081');
+    source.listen('8080');
+
+    const postData = ''.padStart(1025, 'x');
+
+    const postOptions = {
+      hostname: '127.0.0.1',
+      port: 8081,
+      path: '/',
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Content-Length': Buffer.byteLength(postData),
+        'expect': '100-continue'
+      }
+    };
+
+    const req = http.request(postOptions, function() {});
+    req.write(postData);
+    req.end();
+  });
+
  it('should proxy the request and handle error via callback', function(done) {
    var proxy = httpProxy.createProxyServer({
      target: 'http://127.0.0.1:8080'