diff options
author | Marius David Wieschollek <passwords.public@mdns.eu> | 2019-07-15 22:45:31 +0300 |
---|---|---|
committer | Marius David Wieschollek <passwords.public@mdns.eu> | 2019-07-15 22:45:31 +0300 |
commit | ebd0b674c9160ec2dbdbac4fa8cef485357c80e8 (patch) | |
tree | 8ab77afaec941f974b1a6741d64dd59aebf65b6e | |
parent | e69a265618d1cca697f9a7ded9f05804f3c9537d (diff) |
Validate content type of server response
-rw-r--r-- | package-lock.json | 2 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | src/Classes/SimpleApi.js | 31 |
3 files changed, 19 insertions, 16 deletions
diff --git a/package-lock.json b/package-lock.json index 68b994c..6c93c10 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "passwords-client", - "version": "0.0.3", + "version": "0.0.4", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 1776908..06dcdb5 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "passwords-client", - "version": "0.0.3", + "version": "0.0.4", "description": "JS client library for the Nextcloud Passwords app", "main": "src/main.js", "author": "Marius Wieschollek", diff --git a/src/Classes/SimpleApi.js b/src/Classes/SimpleApi.js index 6001cb6..d630adf 100644 --- a/src/Classes/SimpleApi.js +++ b/src/Classes/SimpleApi.js @@ -541,7 +541,7 @@ export default class SimpleApi { * @returns {Promise} */ getAvatar(user, size = 32) { - return this._sendRequest(['service.avatar', {user, size}], null, 'GET', 'text'); + return this._sendRequest(['service.avatar', {user, size}], null, 'GET', 'image/png'); } /** @@ -564,7 +564,7 @@ export default class SimpleApi { */ getFavicon(domain, size = 32) { if(domain === null || domain.length === 0) domain = 'default'; - return this._sendRequest(['service.favicon', {domain, size}], null, 'GET', 'text'); + return this._sendRequest(['service.favicon', {domain, size}], null, 'GET', 'image/png'); } /** @@ -594,7 +594,7 @@ export default class SimpleApi { ['service.preview', {domain, view, width, height}], null, 'GET', - 'text' + 'image/png' ); } @@ -691,16 +691,20 @@ export default class SimpleApi { * @returns {Promise} * @private */ - async _sendRequest(path, data = null, method = null, dataType = 'json') { + async _sendRequest(path, data = null, method = null, dataType = 'application/json') { if(!this._enabled) throw new Error('API not authorized'); - let url = this._getRequestUrl(path), - options = this._getRequestOptions(method, data, dataType), - response = await this._executeRequest(url, options), - contentType = response.headers.get('content-type'); + let url = this._getRequestUrl(path), + options = this._getRequestOptions(method, data, dataType), + response = await this._executeRequest(url, options), + contentType = response.headers.get('content-type'); this._checkSessionToken(response); - if(contentType && contentType.indexOf('application/json') !== -1) { + if(contentType && contentType.indexOf(dataType) === -1) { + let error = new Error(`Content type mismatch: Expected ${dataType}, got ${contentType}`); + this._config.events.emit('api.request.error', {response, error}); + throw error; + } else if(contentType && contentType.indexOf('application/json') !== -1) { return await this._processJsonResponse(response); } else { return await this._processBinaryResponse(response); @@ -723,9 +727,9 @@ export default class SimpleApi { if(!this._headers.hasOwnProperty(header)) continue; headers.append(header, this._headers[header]); } - headers.append('Accept', `application/${dataType}`); + headers.append('Accept', dataType); - let options = {method, headers, credentials: 'omit'}; + let options = {method, headers, credentials: 'omit', redirect: 'error'}; if(data) { headers.append('Content-Type', 'application/json'); options.body = JSON.stringify(data); @@ -759,7 +763,6 @@ export default class SimpleApi { * @private */ async _executeRequest(url, options) { - try { let request = new Request(url, options); this._config.events.emit('api.request.before', request); @@ -810,7 +813,7 @@ export default class SimpleApi { throw json; } - this._config.events.emit('api.request.after', {response, data:json, type:'json'}); + this._config.events.emit('api.request.after', {response, data: json, type: 'json'}); return json; } @@ -837,7 +840,7 @@ export default class SimpleApi { throw error; } - this._config.events.emit('api.request.after', {response, data:blob, type:'blob'}); + this._config.events.emit('api.request.after', {response, data: blob, type: 'blob'}); return blob; } |