fix: explicitly set content-length again

Closes #420 Co-authored-by: Filip Skokan <panva.ip@gmail.com>
panva · Oct 28, 2021 · 956c34b · 956c34b
1 parent 4f02503
commit 956c34b
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 13 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -344,7 +344,7 @@ will also be checked to match the on in the TokenSet's ID Token.
 - `options`: `<Object>`
   - `method`: `<string>` The HTTP method to use for the request 'GET' or 'POST'. **Default:** 'GET'
   - `via`: `<string>` The mechanism to use to attach the Access Token to the request. Valid values
-    are `header`, `body`, or `query`. **Default:** 'header'.
+    are `header` or `body`. **Default:** 'header'.
   - `tokenType`: `<string>` The token type as the Authorization Header scheme. **Default:** 'Bearer'
     or the `token_type` property from a passed in TokenSet.
   - `params`: `<Object>` additional parameters to send with the userinfo request (as query string

diff --git a/lib/helpers/request.js b/lib/helpers/request.js
@@ -39,6 +39,19 @@ setDefaults([], {
   timeout: 3500,
 });
 
+function send(req, body, contentType) {
+  if (contentType) {
+    req.removeHeader('content-type');
+    req.setHeader('content-type', contentType);
+  }
+  if (body) {
+    req.removeHeader('content-length');
+    req.setHeader('content-length', Buffer.byteLength(body));
+    req.write(body);
+  }
+  req.end();
+}
+
 module.exports = async function request(options, { accessToken, mTLS = false, DPoP } = {}) {
   let url;
   try {
@@ -98,20 +111,16 @@ module.exports = async function request(options, { accessToken, mTLS = false, DP
   let response;
   const req = (url.protocol === 'https:' ? https.request : http.request)(url, opts);
   return (async () => {
-    // if (GET (and other && form, json, body)) throw;
     if (json) {
-      req.removeHeader('content-type');
-      req.setHeader('content-type', 'application/json');
-      req.write(JSON.stringify(json));
+      send(req, JSON.stringify(json), 'application/json');
     } else if (form) {
-      req.removeHeader('content-type');
-      req.setHeader('content-type', 'application/x-www-form-urlencoded');
-      req.write(querystring.stringify(form));
+      send(req, querystring.stringify(form), 'application/x-www-form-urlencoded');
     } else if (body) {
-      req.write(body);
+      send(req, body);
+    } else {
+      send(req);
     }
 
-    req.end();
     [response] = await Promise.race([once(req, 'response'), once(req, 'timeout')]);
 
     // timeout reached

diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js
@@ -1,4 +1,5 @@
 const url = require('url');
+const { isNumber, isUndefined } = require('util');
 const querystring = require('querystring');
 const stdhttp = require('http');
 
@@ -556,6 +557,8 @@ describe('Client', () => {
 
         nock('https://op.example.com')
           .matchHeader('Accept', 'application/json')
+          .matchHeader('Content-Length', isNumber)
+          .matchHeader('Transfer-Encoding', isUndefined)
           .filteringRequestBody(function (body) {
             expect(querystring.parse(body)).to.eql({
               code: 'foo',
@@ -614,6 +617,8 @@ describe('Client', () => {
 
         nock('https://op.example.com')
           .matchHeader('Accept', 'application/json')
+          .matchHeader('Content-Length', isNumber)
+          .matchHeader('Transfer-Encoding', isUndefined)
           .filteringRequestBody(function (body) {
             expect(querystring.parse(body)).to.eql({
               code: 'foo',
@@ -873,6 +878,8 @@ describe('Client', () => {
 
         nock('https://op.example.com')
           .matchHeader('Accept', 'application/json')
+          .matchHeader('Content-Length', isNumber)
+          .matchHeader('Transfer-Encoding', isUndefined)
           .filteringRequestBody(function (body) {
             expect(querystring.parse(body)).to.eql({
               code: 'foo',
@@ -931,6 +938,8 @@ describe('Client', () => {
 
         nock('https://op.example.com')
           .matchHeader('Accept', 'application/json')
+          .matchHeader('Content-Length', isNumber)
+          .matchHeader('Transfer-Encoding', isUndefined)
           .filteringRequestBody(function (body) {
             expect(querystring.parse(body)).to.eql({
               code: 'foo',
@@ -1350,7 +1359,6 @@ describe('Client', () => {
       });
 
       nock('https://op.example.com')
-        .matchHeader('Accept', 'application/json')
         .matchHeader('Accept', 'application/json')
         .matchHeader('Authorization', 'Bearer tokenValue')
         .get('/me')
@@ -1382,7 +1390,6 @@ describe('Client', () => {
       });
 
       nock('https://op.example.com')
-        .matchHeader('Accept', 'application/json')
         .matchHeader('Accept', 'application/json')
         .matchHeader('Authorization', 'DPoP tokenValue')
         .get('/me')

diff --git a/test/client/device_flow.test.js b/test/client/device_flow.test.js
@@ -1,4 +1,5 @@
 const querystring = require('querystring');
+const { isNumber, isUndefined } = require('util');
 
 const { expect } = require('chai');
 const nock = require('nock');
@@ -36,6 +37,8 @@ describe('Device Flow features', () => {
     it('returns a handle (without optional response parameters)', async function () {
       nock('https://op.example.com')
         .matchHeader('Accept', 'application/json')
+        .matchHeader('Content-Length', isNumber)
+        .matchHeader('Transfer-Encoding', isUndefined)
         .filteringRequestBody(function (body) {
           expect(querystring.parse(body)).to.eql({
             client_id: 'client',
@@ -137,6 +140,8 @@ describe('Device Flow features', () => {
 
         nock('https://op.example.com')
           .matchHeader('Accept', 'application/json')
+          .matchHeader('Content-Length', isNumber)
+          .matchHeader('Transfer-Encoding', isUndefined)
           .filteringRequestBody(function (body) {
             expect(querystring.parse(body)).to.eql({
               client_id: 'client',

diff --git a/test/client/dpop.test.js b/test/client/dpop.test.js
@@ -1,3 +1,5 @@
+const { isUndefined } = require('util');
+
 const { expect } = require('chai');
 const nock = require('nock');
 const jose2 = require('jose2');
@@ -245,7 +247,11 @@ describe('DPoP', () => {
   });
 
   it('is enabled for requestResource', async function () {
-    nock('https://rs.example.com').post('/resource').reply(200, { sub: 'foo' });
+    nock('https://rs.example.com')
+      .matchHeader('Transfer-Encoding', isUndefined)
+      .matchHeader('Content-Length', isUndefined)
+      .post('/resource')
+      .reply(200, { sub: 'foo' });
 
     await this.client.requestResource('https://rs.example.com/resource', 'foo', {
       DPoP: privateKey,

diff --git a/test/client/register_client.test.js b/test/client/register_client.test.js
@@ -1,3 +1,5 @@
+const { isNumber, isUndefined } = require('util');
+
 const { expect } = require('chai');
 const jose2 = require('jose2');
 const sinon = require('sinon');
@@ -25,6 +27,8 @@ describe('Client#register', () => {
   it('accepts and assigns the registered metadata', function () {
     nock('https://op.example.com')
       .matchHeader('Accept', 'application/json')
+      .matchHeader('Content-Length', isNumber)
+      .matchHeader('Transfer-Encoding', isUndefined)
       .post('/client/registration')
       .reply(201, {
         client_id: 'identifier',