fix: Remove auth when cross origin redirect (box/box-codegen#648) (#488)

box-sdk-build · web-flow · commit 56fb2879ab70 · 2025-01-21T13:43:58.000+01:00
diff --git a/.codegen.json b/.codegen.json
@@ -1 +1 @@
-{ "engineHash": "6f803a2", "specHash": "091b558", "version": "1.10.0" }
+{ "engineHash": "b5ed925", "specHash": "091b558", "version": "1.10.0" }
diff --git a/package-lock.json b/package-lock.json
diff --git a/src/networking/boxNetworkClient.ts b/src/networking/boxNetworkClient.ts
@@ -232,8 +232,13 @@ export class BoxNetworkClient implements NetworkClient {
           message: `Unable to follow redirect for ${fetchOptions.url}`,
         });
       }
+      const sameOrigin =
+        new URL(fetchResponse.headers['location']).origin ===
+        new URL(fetchOptions.url).origin;
       return this.fetch({
         ...options,
+        params: undefined,
+        auth: sameOrigin ? fetchOptions.auth : undefined,
         url: fetchResponse.headers['location'],
       });
     }

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-{ "engineHash": "6f803a2", "specHash": "091b558", "version": "1.10.0" }`
	`1`	`+{ "engineHash": "b5ed925", "specHash": "091b558", "version": "1.10.0" }`
Original file line number	Diff line number	Diff line change
`@@ -232,8 +232,13 @@ export class BoxNetworkClient implements NetworkClient {`
`232`	`232`	message: `Unable to follow redirect for ${fetchOptions.url}`,
`233`	`233`	`});`
`234`	`234`	`}`
	`235`	`+ const sameOrigin =`
	`236`	`+ new URL(fetchResponse.headers['location']).origin ===`
	`237`	`+ new URL(fetchOptions.url).origin;`
`235`	`238`	`return this.fetch({`
`236`	`239`	`...options,`
	`240`	`+ params: undefined,`
	`241`	`+ auth: sameOrigin ? fetchOptions.auth : undefined,`
`237`	`242`	`url: fetchResponse.headers['location'],`
`238`	`243`	`});`
`239`	`244`	`}`