fix(http): prevent POST request from being proxied (#7395)

Co-authored-by: Mark Anderson <mark@ionic.io> Co-authored-by: Dan Giralté <97970732+giralte-ionic@users.noreply.github.com>
ionic-team · Apr 15, 2024 · 7b8c352 · 7b8c352
1 parent d2b5270
commit 7b8c352
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 19 deletions.
diff --git a/android/capacitor/src/main/assets/native-bridge.js b/android/capacitor/src/main/assets/native-bridge.js
@@ -498,11 +498,11 @@ var nativeBridge = (function (exports) {
                         if (request.url.startsWith(`${cap.getServerUrl()}/`)) {
                             return win.CapacitorWebFetch(resource, options);
                         }
-                        if (!(options === null || options === void 0 ? void 0 : options.method) ||
-                            options.method.toLocaleUpperCase() === 'GET' ||
-                            options.method.toLocaleUpperCase() === 'HEAD' ||
-                            options.method.toLocaleUpperCase() === 'OPTIONS' ||
-                            options.method.toLocaleUpperCase() === 'TRACE') {
+                        const { method } = request;
+                        if (method.toLocaleUpperCase() === 'GET' ||
+                            method.toLocaleUpperCase() === 'HEAD' ||
+                            method.toLocaleUpperCase() === 'OPTIONS' ||
+                            method.toLocaleUpperCase() === 'TRACE') {
                             if (typeof resource === 'string') {
                                 return await win.CapacitorWebFetch(createProxyUrl(resource, win), options);
                             }
@@ -514,7 +514,7 @@ var nativeBridge = (function (exports) {
                         const tag = `CapacitorHttp fetch ${Date.now()} ${resource}`;
                         console.time(tag);
                         try {
-                            const { body, method } = request;
+                            const { body } = request;
                             const optionHeaders = Object.fromEntries(request.headers.entries());
                             const { data: requestData, type, headers, } = await convertBody((options === null || options === void 0 ? void 0 : options.body) || body || undefined, optionHeaders['Content-Type'] || optionHeaders['content-type']);
                             const nativeResponse = await cap.nativePromise('CapacitorHttp', 'request', {

diff --git a/core/native-bridge.ts b/core/native-bridge.ts
@@ -547,13 +547,12 @@ const initBridge = (w: any): void => {
           if (request.url.startsWith(`${cap.getServerUrl()}/`)) {
             return win.CapacitorWebFetch(resource, options);
           }
-
+          const { method } = request;
           if (
-            !options?.method ||
-            options.method.toLocaleUpperCase() === 'GET' ||
-            options.method.toLocaleUpperCase() === 'HEAD' ||
-            options.method.toLocaleUpperCase() === 'OPTIONS' ||
-            options.method.toLocaleUpperCase() === 'TRACE'
+            method.toLocaleUpperCase() === 'GET' ||
+            method.toLocaleUpperCase() === 'HEAD' ||
+            method.toLocaleUpperCase() === 'OPTIONS' ||
+            method.toLocaleUpperCase() === 'TRACE'
           ) {
             if (typeof resource === 'string') {
               return await win.CapacitorWebFetch(
@@ -573,7 +572,7 @@ const initBridge = (w: any): void => {
           console.time(tag);
 
           try {
-            const { body, method } = request;
+            const { body } = request;
             const optionHeaders = Object.fromEntries(request.headers.entries());
             const {
               data: requestData,

diff --git a/ios/Capacitor/Capacitor/assets/native-bridge.js b/ios/Capacitor/Capacitor/assets/native-bridge.js
@@ -498,11 +498,11 @@ var nativeBridge = (function (exports) {
                         if (request.url.startsWith(`${cap.getServerUrl()}/`)) {
                             return win.CapacitorWebFetch(resource, options);
                         }
-                        if (!(options === null || options === void 0 ? void 0 : options.method) ||
-                            options.method.toLocaleUpperCase() === 'GET' ||
-                            options.method.toLocaleUpperCase() === 'HEAD' ||
-                            options.method.toLocaleUpperCase() === 'OPTIONS' ||
-                            options.method.toLocaleUpperCase() === 'TRACE') {
+                        const { method } = request;
+                        if (method.toLocaleUpperCase() === 'GET' ||
+                            method.toLocaleUpperCase() === 'HEAD' ||
+                            method.toLocaleUpperCase() === 'OPTIONS' ||
+                            method.toLocaleUpperCase() === 'TRACE') {
                             if (typeof resource === 'string') {
                                 return await win.CapacitorWebFetch(createProxyUrl(resource, win), options);
                             }
@@ -514,7 +514,7 @@ var nativeBridge = (function (exports) {
                         const tag = `CapacitorHttp fetch ${Date.now()} ${resource}`;
                         console.time(tag);
                         try {
-                            const { body, method } = request;
+                            const { body } = request;
                             const optionHeaders = Object.fromEntries(request.headers.entries());
                             const { data: requestData, type, headers, } = await convertBody((options === null || options === void 0 ? void 0 : options.body) || body || undefined, optionHeaders['Content-Type'] || optionHeaders['content-type']);
                             const nativeResponse = await cap.nativePromise('CapacitorHttp', 'request', {