
@uppy/companion


OAuth helper and remote fetcher for Uppy's (https://uppy.io) extensible file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Dropbox and Google Drive, S3 and more :dog:

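import * as logger from './logger.js'

/**
 * Forbidden header names.
 *
 * Stored lower-case; candidates are lower-cased before lookup, so matching is
 * case-insensitive. Names are compared exactly: no trimming or other
 * normalisation is applied.
 */
const forbiddenNames = new Set([
  'accept-charset',
  'accept-encoding',
  'access-control-request-headers',
  'access-control-request-method',
  'connection',
  'content-length',
  'cookie',
  'cookie2',
  'date',
  'dnt',
  'expect',
  'host',
  'keep-alive',
  'origin',
  'referer',
  'te',
  'trailer',
  'transfer-encoding',
  'upgrade',
  'via',
])

/**
 * Forbidden header regexs (the `proxy-*` and `sec-*` families).
 *
 * Anchored at the start only. A `.*$` tail adds nothing to a prefix test and
 * makes the filter fail open: `.` does not match line terminators, so a name
 * with an embedded line break would not match and would be kept.
 */
const forbiddenRegex = [/^proxy-/, /^sec-/]

/**
 * Check if the header in parameter is a forbidden header.
 *
 * Logs a warning (tag `header.forbidden`) for every forbidden name.
 *
 * @param {string} header Header to check
 * @returns {boolean} True if header is forbidden, false otherwise.
 */
const isForbiddenHeader = (header) => {
  const headerLower = header.toLowerCase()
  const forbidden =
    forbiddenNames.has(headerLower) ||
    forbiddenRegex.some((regex) => regex.test(headerLower))

  if (forbidden) {
    // NOTE(review): the caller-supplied name is interpolated verbatim; confirm
    // the logger neutralises control characters before writing the entry.
    logger.warn(`Header forbidden: ${header}`, 'header.forbidden')
  }
  return forbidden
}

/**
 * Return a shallow copy of `headers` with every forbidden header removed.
 *
 * This is a denylist: only header *names* are inspected, and any name that is
 * not listed above is passed through unchanged together with its value. The
 * input object is never mutated.
 *
 * @param {unknown} headers Caller-supplied header map.
 * @returns {object} Filtered copy, or `{}` when `headers` is null/undefined,
 *   not an object, or an array.
 */
export default function headerBlacklist(headers) {
  const isPlainMap =
    headers != null && typeof headers === 'object' && !Array.isArray(headers)
  if (!isPlainMap) {
    return {}
  }

  const headersCloned = { ...headers }
  for (const header of Object.keys(headersCloned)) {
    if (isForbiddenHeader(header)) {
      delete headersCloned[header]
    }
  }
  return headersCloned
}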