Describe the bug
In cases where axios is used by servers to perform http requests to user-supplied urls, a proxy is commonly used to protect internal networks from unauthorized access and SSRF. This bug enables an attacker to bypass the proxy by providing a url that responds with a redirect to a restricted host/ip.
To Reproduce
The following code spawns a proxy server that always responds with a 302 redirect, so requests should never reach the target url. However, axios only reaches the proxy once, and bypasses the proxy after the redirect response.
https://runkit.com/embed/1df5qy8lbgnc
The response is the rendered HTML of http://example.com
Expected behavior
All the requests should pass via the proxy. In the provided scenario, there should be a redirect loop.
Environment
Additional context/Screenshots
Add any other context about the problem here. If applicable, add screenshots to help explain.
Originally posted by @aSapien in axios/axios#3369