RequestOptions payloads for http/https request generated from url.parse end up having headers removed from the request #188
Comments
|
Hey, @dg-harris. Thanks for reporting this! We've finished a full rewrite of ClientRequest interception recently (#164), which included fixes for a few issues. I think what you've described has been covered. I recall there was a bug that we disregarded certain request options during Could you try cloning the current state of the repo and adding that reproduction test straight to the respective test suite? If it fails, I'd be thankful for a pull request with that failing test. |
|
Can do! Thanks for the quick response. |
|
I ran into this issue as well, this still occurs in the rewritten version ( The value of Is this something MSW could gracefully handle despite the fact that strictly speaking they are passing down values that do not belong in request options? I also believe launchdarkly uses their own evensource library instead: https://github.com/launchdarkly/js-eventsource |
|
Hi - I'm one of the maintainers of the LaunchDarkly fork of that library, and this was just brought to my attention. I'm a bit confused by this statement from @gerbyzation:
I'm not sure why it would not be legit to parse a URL with |
|
But I'm also not 100% sure why we've been doing this. My guess would be that it was came from the very old upstream code, and that possibly the In any case at this point, we could probably switch to using |
|
If I'm right that the relevant logic is in https://github.com/mswjs/interceptors/blob/main/src/interceptors/ClientRequest/utils/normalizeClientRequestArgs.ts ... then it does look to me like that logic is making a wrong assumption. It simply isn't the case that if It seems to me that the right logic would be: if there's a single argument and it's a string, then it's a URL. If there's a single argument and it's an object, then you should treat it as |
|
Again, it's probably not hard for us to switch to passing two parameters, so I'm not ruling out releasing a patch of our library if that will help. It's just that (unless I'm missing something) this does look like it might be a bug in MSW, that it is incorrectly handling an allowable usage, in which case it may affect other people's code too and not just LaunchDarkly. |
|
@eli-darkly Thanks for taking a look!
Could've worded this better, I meant this in terms of the shape of the requests object, as the parsed URL object is richer in that it includes properties not part of the type for request options. If this is a good idea (or can be expected to be a wider pattern) I think is the question here to inform if this should be fixed in MSW somehow or in the LD SDK
Partly, but not exactly as it also includes additional properties like This is the function that trips up: Line 114 specifically is where this issue is taking place, because the
If the So to summarise the presence of the additional |
|
@gerbyzation Aha, I missed that, thanks. I didn't look down far enough. Yes, that's definitely something we should fix on our end and it looks to me like MSW's logic is reasonable. |
|
@eli-darkly thanks for working on this! Gave 6.2.2 a spin today and it's looking good! |
|
@eli-darkly 6.2.2 worked for me as well, thanks for looking into this! |
|
Thank you for the cooperation, @eli-darkly! I've looked into one other example from eventsource and I can conclude that this is a wrong way to compose {
protocol: 'https:',
slashes: true,
auth: null,
host: 'mswjs.io',
port: null,
hostname: 'mswjs.io',
hash: null,
search: null,
query: null,
pathname: '/resource',
path: '/resource',
href: 'https://mswjs.io/resource',
headers: { 'Content-Type': 'text/plain' }
}These kind of options fall under no allowed call signature of
I understand anybody can construct any object as the input to Instead, const parsedUrl = parse(url)
const options = {
protocol: parsedUrl.protocol,
pathname: parsedUrl.pathname,
// ...manually map the properties expected by "RequestOptions",
// Also add headers.
headers: { 'Cache-Control': 'no-cache', 'Accept': 'text/event-stream' }
}
req = (isSecure ? https : http).request(parsedUrl, options, function (res) {That would be the correct way to call |
|
@kettanaito, thanks but I can't tell if there is any new information in your last comment - it looked to me like @gerbyzation already described the issue and answered my earlier question, clarifying why the presence of properties like |
|
@eli-darkly, understood. My point above was that we cannot account for all possible ways people may construct The fix on |
|
@kettanaito Yes, I'm saying that we already agreed on this point. No one was arguing any more that that was the right way to use |
|
@eli-darkly, my apologies, I've confused the projects. Thank you for explaining the latest state, I'm glad that people can use both projects without issues. |
If a RequestOptions payload is created using the node url.parse function, the normalizeClientRequestArgs function ends up stripping the request of additional configuration such as headers.
I've created a test to demonstrate the issue at: https://github.com/dg-harris/interceptors/pull/1/files
Here is an example of a popular library using this pattern: https://github.com/EventSource/eventsource/blob/master/lib/eventsource.js#L84-L139
Here is a repo with a small example of the
mswlibrary preventing authentication of thelaunchdarkly-node-server-sdkdue to this issue:https://github.com/dg-harris/ld-msw-authentication-issue
Please let me know if there is any additional information I can provide or work I can do to help.
The text was updated successfully, but these errors were encountered: