diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7ceb2f51d..341919712 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,9 @@ A breaking change will get clearly marked in this log.
 * `basicNodeSigner` has been updated to reflect the new type.
 - `ClientOptions.signAuthEntry` type has also been updated to reflect the SEP 43 protocol, which also returns a promise containing the`signerAddress` in addition to the `signAuthEntry` that was returned previously. It also can return an `Error` type.
+### Added
+- `stellartoml-Resolver.resolve` now has a `allowedRedirects` option to configure the number of allowed redirects to follow when resolving a stellar toml file.
+
 ## [v13.0.0-rc.1](https://github.com/stellar/js-stellar-sdk/compare/v12.3.0...v13.0.0-rc.1)
 ### Breaking Changes
diff --git a/src/http-client/types.ts b/src/http-client/types.ts
index 5d57f2e59..3d9c16721 100644
--- a/src/http-client/types.ts
+++ b/src/http-client/types.ts
@@ -32,6 +32,7 @@ export interface HttpClientRequestConfig {
 headers?: HeadersInit;
 params?: Record;
 maxContentLength?: number;
+ maxRedirects?: number;
 cancelToken?: CancelToken;
 adapter?: (config: HttpClientRequestConfig) => Promise;
 }
diff --git a/src/stellartoml/index.ts b/src/stellartoml/index.ts
index 315d558fe..9e1b011dc 100644
--- a/src/stellartoml/index.ts
+++ b/src/stellartoml/index.ts
@@ -59,6 +59,7 @@ export class Resolver {
 return httpClient
 .get(`${protocol}://${domain}/.well-known/stellar.toml`, {
+ maxRedirects: opts.allowedRedirects ?? 0,
 maxContentLength: STELLAR_TOML_MAX_SIZE,
 cancelToken: timeout
 ? new CancelToken((cancel) =>
@@ -99,6 +100,7 @@ export namespace Api {
 export interface StellarTomlResolveOptions {
 allowHttp?: boolean;
 timeout?: number;
+ allowedRedirects?: number;
 }
 export type Url = string;
 export type PublicKey = string;
diff --git a/test/unit/stellar_toml_resolver_test.js b/test/unit/stellar_toml_resolver_test.js
index fae2640c0..ed07fb8ce 100644
--- a/test/unit/stellar_toml_resolver_test.js
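Review bot: `maxRedirects` is added to `HttpClientRequestConfig` with no doc comment, and nothing in this hunk shows that every client or adapter behind the interface enforces it. The resolver now relies on this field to refuse redirects by default, so the contract should be written down, for example `/** Maximum number of redirects to follow; 0 means a redirect response is rejected. Implementations must enforce this. */`. It is also worth confirming the behaviour on the browser code path, because the new unit tests return early when `window` is defined and so only exercise Node. The interface body starts before the hunk.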
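Review bot: `opts.allowedRedirects` is forwarded to the HTTP client unchecked in the `.get(...)` options, so a negative, fractional or `NaN` value reaches `maxRedirects` with client-defined behaviour. A guard before the request such as `if (opts.allowedRedirects !== undefined && (!Number.isInteger(opts.allowedRedirects) || opts.allowedRedirects < 0)) throw new TypeError("allowedRedirects must be a non-negative integer");` keeps the setting unambiguous. Defaulting to `0` is the safe choice; once a caller raises it, nothing visible here constrains where a redirect may lead, so the returned TOML can come from a different host or scheme than `domain` (possibly plain HTTP even when `allowHttp` is false, unless the client prevents that), and a short comment on this line should say so. The `resolve` body starts and ends outside the hunk.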
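Review bot: `allowedRedirects` in `StellarTomlResolveOptions` has no doc comment, so its default and its trust implication are only discoverable by reading the call site. I would add `/** Number of HTTP redirects to follow when fetching stellar.toml. Defaults to 0, in which case a redirect response is rejected. */` above the field. The comment should also mention that following redirects means the file may be served from a location other than the requested domain, which callers who treat the domain as the trust anchor need to know.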
+++ b/test/unit/stellar_toml_resolver_test.js
@@ -184,5 +184,65 @@ FEDERATION_SERVER="https://api.stellar.org/federation"
 .then(() => tempServer.close());
 });
 });
+
+ it("rejects redirect response when allowedRedirects is not specified", function (done) {
+ // Unable to create temp server in a browser
+ if (typeof window != "undefined") {
+ return done();
+ }
+
+ let tempServer = http
+ .createServer((req, res) => {
+ res.writeHead(302, { location: "/redirect" });
+ return res.end();
+ })
+ .listen(4444, () => {
+ Resolver.resolve("localhost:4444", {
+ allowHttp: true,
+ })
+ .then((response) => {
+ should.fail();
+ })
+ .catch((e) => {
+ expect(e).to.match(/Maximum number of redirects exceeded/);
+ })
+ .finally(() => {
+ tempServer.close();
+ done();
+ });
+ });
+ });
+
+ it("returns handled redirect when allowedRedirects is specified", function (done) {
+ if (typeof window != "undefined") {
+ return done();
+ }
+
+ let tempServer = http
+ .createServer((req, res) => {
+ if (req.url !== "/redirect") {
+ res.writeHead(302, { location: "/redirect" });
+ return res.end();
+ }
+ res.setHeader("Content-Type", "text/x-toml; charset=UTF-8");
+ res.writeHead(200);
+ res.end(`
+ FEDERATION_SERVER="https://api.stellar.org/federation"
+ `);
+ })
+ .listen(4444, () => {
+ Resolver.resolve("localhost:4444", {
+ allowHttp: true,
+ allowedRedirects: 1,
+ }).then((response) => {
+ expect(response.FEDERATION_SERVER).equals(
+ "https://api.stellar.org/federation",
+ );
+ }).finally(() => {
+ tempServer.close();
+ done();
+ });
+ });
+ });
 });
 });
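Review bot: In both new tests `done()` is called from `.finally()` with no argument, so a failed assertion cannot fail the test through `done`. In the first test a throw from `should.fail()` or from `expect(e).to.match(...)` only leaves a rejected promise behind, and the second test has no rejection handler at all; whether that surfaces depends on how the test runner treats unhandled rejections. Because the first test is the regression guard for refusing redirects by default, the outcome should be routed into `done` as below, and the second test needs the same `.then(() => done(), done)` tail. Both tests also bind the fixed port 4444, which fails when the port is busy; `listen(0)` with the port read from `tempServer.address()` avoids that.

```javascript
// … unchanged: browser guard and the redirecting tempServer …
Resolver.resolve("localhost:4444", {
  allowHttp: true,
})
  .then(
    () => {
      throw new Error("expected the redirect to be rejected");
    },
    (e) => {
      expect(e).to.match(/Maximum number of redirects exceeded/);
    },
  )
  // hand any assertion failure to the test runner instead of dropping it
  .then(() => done(), done)
  .finally(() => tempServer.close());
```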