From 389f0de811e8a66259a2734accc76bc219153567 Mon Sep 17 00:00:00 2001
From: Bastien Caudan
Date: Tue, 6 Jun 2023 15:50:34 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=92=A5[RUMF-1152]=20sanitize=20resource?= =?UTF-8?q?=20method=20names?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 packages/core/src/browser/fetchObservable.spec.ts | 4 +++-
 packages/core/src/browser/fetchObservable.ts | 3 ++-
 packages/core/src/browser/xhrObservable.spec.ts | 15 +++++++++++++++
 packages/core/src/browser/xhrObservable.ts | 2 +-
 4 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/packages/core/src/browser/fetchObservable.spec.ts b/packages/core/src/browser/fetchObservable.spec.ts
index 9629b6d077..b233552725 100644
--- a/packages/core/src/browser/fetchObservable.spec.ts
+++ b/packages/core/src/browser/fetchObservable.spec.ts
@@ -113,6 +113,7 @@ describe('fetch proxy', () => {
 fetchStub(new Request(FAKE_URL, { method: 'PUT' }), { method: 'POST' }).resolveWith({ status: 500 })
 fetchStub(new Request(FAKE_URL), { method: 'POST' }).resolveWith({ status: 500 })
 fetchStub(FAKE_URL, { method: 'POST' }).resolveWith({ status: 500 })
+ fetchStub(FAKE_URL, { method: 'post' }).resolveWith({ status: 500 })
 fetchStub(null as any).resolveWith({ status: 500 })
 fetchStub({ method: 'POST' } as any).resolveWith({ status: 500 })
@@ -123,8 +124,9 @@ describe('fetch proxy', () => {
 expect(requests[3].method).toEqual('POST')
 expect(requests[4].method).toEqual('POST')
 expect(requests[5].method).toEqual('POST')
- expect(requests[6].method).toEqual('GET')
+ expect(requests[6].method).toEqual('POST')
 expect(requests[7].method).toEqual('GET')
+ expect(requests[8].method).toEqual('GET')
 done()
 })
 })
diff --git a/packages/core/src/browser/fetchObservable.ts b/packages/core/src/browser/fetchObservable.ts
index 02716d8b3c..7ede80e839 100644
--- a/packages/core/src/browser/fetchObservable.ts
+++ b/packages/core/src/browser/fetchObservable.ts
@@ -69,7 +69,8 @@ function createFetchObservable() {
 }
 function beforeSend(observable: Observable, input: unknown, init?: RequestInit) {
- const method = (init && init.method) || (input instanceof Request && input.method) || 'GET'
+ const methodFromParams = (init && init.method) || (input instanceof Request && input.method)
+ const method = methodFromParams ? methodFromParams.toUpperCase() : 'GET'
 const url = input instanceof Request ? input.url : normalizeUrl(String(input))
 const startClocks = clocksNow()
diff --git a/packages/core/src/browser/xhrObservable.spec.ts b/packages/core/src/browser/xhrObservable.spec.ts
index e0270e16ea..c101ab9124 100644
--- a/packages/core/src/browser/xhrObservable.spec.ts
+++ b/packages/core/src/browser/xhrObservable.spec.ts
@@ -54,6 +54,21 @@ describe('xhr observable', () => {
 })
 })
+ it('should sanitize request method', (done) => {
+ withXhr({
+ setup(xhr) {
+ xhr.open('get', '/ok')
+ xhr.send()
+ xhr.complete(200, 'ok')
+ },
+ onComplete() {
+ const request = requests[0]
+ expect(request.method).toBe('GET')
+ done()
+ },
+ })
+ })
+
 it('should track client error', (done) => {
 withXhr({
 setup(xhr) {
diff --git a/packages/core/src/browser/xhrObservable.ts b/packages/core/src/browser/xhrObservable.ts
index b0b7f73026..6542a099ed 100644
--- a/packages/core/src/browser/xhrObservable.ts
+++ b/packages/core/src/browser/xhrObservable.ts
@@ -66,7 +66,7 @@ function createXhrObservable() {
 function openXhr(this: XMLHttpRequest, method: string, url: string | URL | undefined | null) {
 xhrContexts.set(this, {
 state: 'open',
- method,
+ method: method.toUpperCase(),
 url: normalizeUrl(String(url)),
 })
 }
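Review bot: In the `beforeSend` hunk of fetchObservable.ts, `methodFromParams.toUpperCase()` assumes the method is a string, but nothing at runtime guarantees that for `init.method`; a truthy non-string value would make the instrumentation throw where the previous code simply passed the value along. The same applies to `method.toUpperCase()` in the `openXhr` hunk of xhrObservable.ts, whose neighbouring line already guards the URL with `String(url)`. Coercing first keeps telemetry code from interfering with the host page's request: `const method = methodFromParams ? String(methodFromParams).toUpperCase() : 'GET'` and `method: String(method).toUpperCase(),`. Whether the calling wrapper catches such an exception is not visible here, and `beforeSend` continues past the end of the hunk.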
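Review bot: After `method: method.toUpperCase(),` in the `openXhr` hunk of xhrObservable.ts, the recorded method is no longer guaranteed to match what the browser sends. As far as I know, browsers upper-case only a fixed list of standard methods (GET, POST, PUT, DELETE, HEAD, OPTIONS), so a request opened with `patch` goes out lower-case but is reported as `PATCH`. That matters to anyone correlating this telemetry with server or proxy logs during an investigation. A comment on the line would make the choice explicit, e.g. `// upper-cased for consistent reporting; may differ from the on-wire method for verbs the browser does not normalize`. The fetch path in fetchObservable.ts has the same property when the method comes from `init`.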