search

microsoft / typed-rest-client

Node Rest and Http Clients with typings for use with TypeScript
Other
675 stars 118 forks source link

Authentication header is set on redirect request #302

Closed FalconerTC closed 2 years ago

FalconerTC commented 3 years ago

Environment

Node version: Any Npm version: Any OS and version: Any typed-rest-client version: Latest

Issue Description

Work was done to prevent the authentication header being set on redirects that use credential handlers (https://github.com/microsoft/typed-rest-client/pull/207) but this header should really be prevented on all redirect requests (or an option added to prevent it from being added)

An example use case is authentication to the Github API

  if (token !== "") {
    headers["Authorization"] = `token ${token}`
  }

This request does not use a credential handler

Expected behaviour

Authentication header should no be sent on any redirects

Actual behaviour

Authentication header is only stripped when using credential handlers

github-actions[bot] commented 2 years ago

This issue has had no activity in 90 days. Please comment if it is not actually stale