fix: #1700 cannot set Authorization via extraHeaders

authts · Oct 16, 2024 · a6f8375 · a6f8375
1 parent 77806c7
commit a6f8375
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 5 deletions.
diff --git a/src/JsonService.test.ts b/src/JsonService.test.ts
@@ -587,4 +587,65 @@ describe("JsonService", () => {
             expect(result).toEqual(json);
         });
     });
+
+    describe("_appendExtraHeaders", () => {
+        it("should add extra headers", () => {
+            // arrange
+            const headers = {
+                "Accept": "application/json",
+            };
+            subject["_extraHeaders"] = {
+                "foo": "bar",
+            };
+
+            // act
+            subject["_appendExtraHeaders"](headers);
+
+            // assert
+            expect(headers).toMatchObject({
+                "Accept": "application/json",
+                "foo": "bar",
+            });
+        });
+
+        it("should skip protected special headers", () => {
+            // arrange
+            const headers = {
+                "Accept": "application/json",
+            };
+            subject["_extraHeaders"] = {
+                "foo": "bar",
+                "accept": "application/xml",
+            };
+
+            // act
+            subject["_appendExtraHeaders"](headers);
+
+            // assert
+            expect(headers).toMatchObject({
+                "Accept": "application/json",
+                "foo": "bar",
+            });
+        });
+
+        it("should skip override special headers", () => {
+            // arrange
+            const headers = {
+                "Authorization": "Bearer 1",
+            };
+            subject["_extraHeaders"] = {
+                "foo": "bar",
+                "Authorization": "Bearer 2",
+            };
+
+            // act
+            subject["_appendExtraHeaders"](headers);
+
+            // assert
+            expect(headers).toMatchObject({
+                "Authorization": "Bearer 1",
+                "foo": "bar",
+            });
+        });
+    });
 });
diff --git a/src/JsonService.ts b/src/JsonService.ts
@@ -91,7 +91,7 @@ export class JsonService {
             headers["Authorization"] = "Bearer " + token;
         }
 
-        this.appendExtraHeaders(headers);
+        this._appendExtraHeaders(headers);
 
         let response: Response;
         try {
@@ -147,7 +147,7 @@ export class JsonService {
             headers["Authorization"] = "Basic " + basicAuth;
         }
 
-        this.appendExtraHeaders(headers);
+        this._appendExtraHeaders(headers);
 
         let response: Response;
         try {
@@ -194,22 +194,29 @@ export class JsonService {
         return json;
     }
 
-    private appendExtraHeaders(
+    private _appendExtraHeaders(
         headers: Record<string, string>,
     ): void {
         const logger = this._logger.create("appendExtraHeaders");
         const customKeys = Object.keys(this._extraHeaders);
         const protectedHeaders = [
-            "authorization",
             "accept",
             "content-type",
         ];
+        const preventOverride = [
+            "authorization",
+        ];
         if (customKeys.length === 0) {
             return;
         }
         customKeys.forEach((headerName) => {
             if (protectedHeaders.includes(headerName.toLocaleLowerCase())) {
-                logger.warn("Protected header could not be overridden", headerName, protectedHeaders);
+                logger.warn("Protected header could not be set", headerName, protectedHeaders);
+                return;
+            }
+            if (preventOverride.includes(headerName.toLocaleLowerCase()) &&
+                Object.keys(headers).includes(headerName)) {
+                logger.warn("Header could not be overridden", headerName, preventOverride);
                 return;
             }
             const content = (typeof this._extraHeaders[headerName] === "function") ?