request.defaults() doesn't always preserve headers and cookie jar

[RaceProUK]

var baseRequest = request.defaults({
  headers: {x-token: 'my-token'}
})

var specialRequest = baseRequest.defaults({
  headers: {special: 'special value'}
})

According to the documentation, specialRequest should send both the x-token and special headers. However, this isn't always the case; sometimes, it only sends the special header. Similarly, the cookie jar, if one is being used, gets unassigned.

I can provide a more concrete example if required.

[simov]

@RaceProUK more thorough example would be great 👍

[RaceProUK]

As requested; I've stripped out stuff that's irrelevant from both snippets.

This is where we're creating the initial request object:

var jar = request.jar(),
    browser = request.defaults({
        rejectUnauthorized: false,
        jar: jar,
        headers: {
            'X-Requested-With': 'XMLHttpRequest',
            'User-Agent': 'UserAgent'
        }
    });

And this is where we're trying to add a new header:

browser = browser.defaults({
        headers: {
            'X-CSRF-Token': csrf
        }
    });

By the documentation, browser should now be sending all three headers as well as the contents of the cookie jar; however, when checking with request-debug, after the second snippet had executed, only the X-CSRF-Token header was set, and there were no cookies.

We've been able to work around it by doing this:

browser = browser.defaults({
        headers: {
            'X-Requested-With': 'XMLHttpRequest',
            'User-Agent': 'UserAgent',
            'X-CSRF-Token': csrf
        },
        jar: jar
    });

Which works, but obviously we'd rather not duplicate code if we can help it 😉

The version of request I spotted this issue in is 2.55.0.

[simov]

Thanks, here is what I'm testing with:

var jar = request.jar(),
    browser = request.defaults({
      rejectUnauthorized: false,
      jar: jar,
      headers: {
        'X-Requested-With': 'XMLHttpRequest',
        'User-Agent': 'UserAgent'
      }
    });

    browser = browser.defaults({
      headers: {
        'X-CSRF-Token': 'csrf'
      }
    });

    browser('http://requestb.in/ougkjpou', function (err, res, body) {
      if (err) console.log(err)
      console.log(res.statusCode)
    })

Is that the correct result? I'm looking at the headers.

[RaceProUK]

The headers are there alright; not sure why I'm seeing different results…

Maybe it's because we're using browser.get() for the request that gets the CSRF token, then browser.post() for the next request? A bit like this:

var jar = request.jar(),
    browser = request.defaults({
      rejectUnauthorized: false,
      jar: jar,
      headers: {
        'X-Requested-With': 'XMLHttpRequest',
        'User-Agent': 'UserAgent'
      }
    });
    browser.get(getUrl, callback);
//other stuff goes on; eventually getting to this bit
    browser = browser.defaults({
      headers: {
        'X-CSRF-Token': 'csrf'
      }
    });
    browser.post(postUrl, body, callback);

[simov]

Ok, I was able to reproduce it, probably that's a bug, I'll take a look at it.

[simov]

Ok, this was fixed in #1540 but it's not published to NPM yet :)

[simov]

Closing @RaceProUK this fix will be released when 2.56 is published on NPM