feat(redirects): add follow redirects

a11ywatch · Dec 1, 2022 · 3c16d17 · 3c16d17
1 parent 16eb3ec
commit 3c16d17
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 38 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # node-iframe
 
-[![j-mendez](https://circleci.com/gh/j-mendez/node-iframe.svg?style=svg)](https://circleci.com/gh/j-mendez/node-iframe)
+[![a11ywatch](https://circleci.com/gh/a11ywatch/node-iframe.svg?style=svg)](https://circleci.com/gh/a11ywatch/node-iframe)
 
 create iframes to bypass security issues on your server with node.js can also be used in a browser
 

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "node-iframe",
-  "version": "1.8.9",
+  "version": "1.9.1",
   "description": "create iframes on your server to bypass CORS. Reverse engineer security issues.",
   "main": "dist/iframe.js",
   "scripts": {
@@ -9,7 +9,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/j-mendez/node-iframe.git"
+    "url": "git+https://github.com/a11ywatch/node-iframe.git"
   },
   "keywords": [
     "node-iframe",
@@ -20,7 +20,8 @@
   "author": "Jeff Mendez <[email protected]>",
   "license": "MIT",
   "dependencies": {
-    "cheerio": "^1.0.0-rc.3"
+    "cheerio": "^1.0.0-rc.3",
+    "follow-redirects": "^1.15.2"
   },
   "devDependencies": {
     "@swc/core": "^1.2.205",

diff --git a/src/fetch.ts b/src/fetch.ts
@@ -2,29 +2,14 @@ let fetcher: // @ts-ignore
 | typeof global.fetch
   | ((url: string, options: Record<string, unknown>) => Promise<string>);
 
-let https;
-let http;
-
 if (!fetcher) {
+
   (async () => {
     if (process) {
-      // load https module
-      if (!https) {
-        try {
-          https = await import("https");
-        } catch (e) {
-          console.error("https support is disabled!");
-        }
-      }
-
-      // load http modules
-      if (!http) {
-        try {
-          http = await import("http");
-        } catch (e) {
-          console.error("http support is disabled!");
-        }
-      }
+      const followRedirects = require('follow-redirects');
+      followRedirects.maxRedirects = 4;
+      const http = followRedirects.http;
+      const https = followRedirects.https;
 
       const getHttp = (url: string) =>
         url.startsWith("https://") ? https : http;
@@ -34,8 +19,7 @@ if (!fetcher) {
         options?: {
           headers?: Record<string, any>;
           agent?: string | (() => string);
-        },
-        retry?: number
+        }
       ) => {
         const { agent, headers } = options ?? {};
         let fetchOptions = {};
@@ -62,9 +46,6 @@ if (!fetcher) {
 
           httpMethod
             .get(url, fetchOptions, (res) => {
-              if((res.statusCode === 301 || res.statusCode === 302) && retry) {
-                return get(res.headers.location, options, --retry)      
-              }
               res.setEncoding("utf8");
 
               res.on("data", (d) => {

diff --git a/src/iframe.ts b/src/iframe.ts
@@ -79,13 +79,13 @@ function configureAgent() {
 }
 
 // NOTE: control type like wappalyzer for usage only on websites that use specefic frameworks like old versions of react, angular, vue, and etc
-const mutateSource = async ({ src = "", key }, url, $html, headers, retry) => {
+const mutateSource = async ({ src = "", key }, url, $html, headers) => {
   if (src && src[0] === "/") {
     try {
       const res = await fetcher(`${url}/${src}`, {
         headers,
         agent,
-      }, retry);
+      });
 
       if (res) {
         const source = typeof process !== "undefined" ? res : await res.text();
@@ -109,7 +109,7 @@ function renderErrorHtml({ url, server, noPage = false }) {
 }
 
 async function renderHtml(
-  { url, baseHref, config, head = {}, retry },
+  { url, baseHref, config, head = {} },
   server = false
 ) {
   if (!url) {
@@ -135,8 +135,7 @@ async function renderHtml(
     response = await fetcher(url, {
       headers: head,
       agent,
-    }, 
-    retry);
+    });
   } catch (e) {
     console.error(e);
   }
@@ -179,7 +178,7 @@ async function renderHtml(
       for (const com of inlineMutations) {
         const { key, attribute, src } = com;
         const element = `${key}[${attribute}="${src}"]`;
-        await mutateSource({ key: element, src }, url, $html, headers, retry);
+        await mutateSource({ key: element, src }, url, $html, headers);
         $html(element).removeAttr(attribute);
       }