Node 18.18.2 Incorrectly copies headers onto fetches #2374
Comments
|
cc: @KhafraDev @mcollina |
|
duplicate of #2358 |
|
@KhafraDev thank you for the quick fix and sorry for not looking for dupes first! Do we have any plan worked out for if / when Node would take this for a 18.18.3? We are avoid taking 18.18x in the meantime but would love the latest security fixes once this is integrated. |
|
nodejs/node#50274 might have that info for others looking. |
|
No worries about reporting dupes, I don't mind at all. I don't have any idea when (or if) v18 will be updated; someone will have to take the time to backport the undici update changes. Looking at the issue linked here, is it fixed with the newest undici update? |
|
Not sure if that's exactly what you asked, but I can confirm it was fixed in Node v21.1.0 (released yesterday), which included the update to undici 5.26.4, so I'd assume that backporting that update would fix it for v18.x and v20.x as well |
Bug Description
Noticed that in our product using Node 18 that we encountered a slew of issues when moving forward to 18.18.2 that included a CVE fix for undici. Debugging into the issue it appears that in the CVE fix a class name was changed resulting in incorrect behavior. See the screenshot below and I believe it should be a simple fix. The headers copying logic fell down the wrong path when it failed to recognize that the passed in Object was already a Headers object.
Reproducible By
I dont have a minimal repro handy but it should be just creating a new Request with both an existing request with headers to copy and an init param.
Expected Behavior
When creating a new request with both a Request object to copy and an init set of options, the headers from the request are preserved.
Logs & Screenshots
Environment
Node v18.18.2
The text was updated successfully, but these errors were encountered: