fix(HTTP Request Node): Do not modify request object when sanitizing message for UI (#10923)

2025-02-21 02:56:40 -08:00 · 2024-09-23 11:10:31 +03:00 · 2024-09-23 11:10:31 +03:00 · 8cc10cc2c1
parent 60ee0d4ce7
commit 8cc10cc2c1
2 changed files with 26 additions and 10 deletions
--- a/packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
+++ b/packages/nodes-base/nodes/HttpRequest/GenericFunctions.ts
@ -1,11 +1,12 @@
 import type { SecureContextOptions } from 'tls';
-import type {
-	ICredentialDataDecryptedObject,
-	IDataObject,
-	INodeExecutionData,
-	INodeProperties,
-	IOAuth2Options,
-	IRequestOptions,
+import {
+	deepCopy,
+	type ICredentialDataDecryptedObject,
+	type IDataObject,
+	type INodeExecutionData,
+	type INodeProperties,
+	type IOAuth2Options,
+	type IRequestOptions,
 } from 'n8n-workflow';

 import set from 'lodash/set';
@ -60,7 +61,12 @@ export function sanitizeUiMessage(
 	authDataKeys: IAuthDataSanitizeKeys,
 	secrets?: string[],
 ) {
-	let sendRequest = request as unknown as IDataObject;
+	const { body, ...rest } = request as IDataObject;
+
+	let sendRequest: IDataObject = { body };
+	for (const [key, value] of Object.entries(rest)) {
+		sendRequest[key] = deepCopy(value);
+	}

 	// Protect browser from sending large binary data
 	if (Buffer.isBuffer(sendRequest.body) && sendRequest.body.length > 250000) {
--- a/packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts
+++ b/packages/nodes-base/nodes/HttpRequest/test/utils/utils.test.ts
@ -93,7 +93,7 @@ describe('HTTP Node Utils', () => {
 			);
 		});

-		it('should remove keys that contain sensitive data', async () => {
+		it('should remove keys that contain sensitive data and do not modify requestOptions', async () => {
 			const requestOptions: IRequestOptions = {
 				method: 'POST',
 				uri: 'https://example.com',
@ -115,6 +115,14 @@ describe('HTTP Node Utils', () => {
 				method: 'POST',
 				uri: 'https://example.com',
 			});
+
+			expect(requestOptions).toEqual({
+				method: 'POST',
+				uri: 'https://example.com',
+				body: { sessionToken: 'secret', other: 'foo' },
+				headers: { authorization: 'secret', other: 'foo' },
+				auth: { user: 'user', password: 'secret' },
+			});
 		});

 		it('should remove secrets', async () => {
@ -125,7 +133,9 @@ describe('HTTP Node Utils', () => {
 				headers: { authorization: 'secretAccessToken', other: 'foo' },
 			};

-			expect(sanitizeUiMessage(requestOptions, {}, ['secretAccessToken'])).toEqual({
+			const sanitizedRequest = sanitizeUiMessage(requestOptions, {}, ['secretAccessToken']);
+
+			expect(sanitizedRequest).toEqual({
 				body: {
 					nested: {
 						secret: REDACTED,