include::../description.adoc[] include::../ask-yourself.adoc[] include::../recommended.adoc[] == Sensitive Code Example ---- // === Built-in NodeJS modules === const http = require('http'); http.request(url, (res) => {}); // Sensitive http.get(url, (res) => {}); // Sensitive const https = require('https'); https.request(url, (res) => {}); // Sensitive https.get(url, (res) => {}); // Sensitive ---- ---- // === Request NodeJS module === const request = require('request'); // All Request methods making HTTP requests are security-sensitive and should be reviewed. // Examples: request(url, function (error, res, body) {}); // Sensitive request.get(url); // Sensitive ---- ---- // === Axios module === const axios = require('axios'); // All Axios methods making HTTP requests are security-sensitive and should be reviewed. // Example: axios.get(url) // Sensitive .then(function (res) {}); ---- ---- // === In browser, XMLHttpRequest === var xmlhttp = null; if (window.XMLHttpRequest) { xmlhttp = new XMLHttpRequest(); // modern browsers } else { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); // very old IE browsers } xmlhttp.onreadystatechange = function() {}; xmlhttp.open("GET", url, false); // Sensitive xmlhttp.send(); ---- ---- // === In modern browsers, Fetch API === window.fetch(url) // Sensitive .then(function(res) {}); ---- ---- // === In old IE browsers, XDomainRequest === var xdr = new XDomainRequest(); xdr.open("GET", url); xdr.send(); ---- ---- // === In browser, jQuery === // All jQuery methods making HTTP requests are security-sensitive and should be reviewed. // Examples: $.ajax({ url: url }) // Sensitive .done(function(data) {}); $.get(url, function(data) {}); // Sensitive ---- include::../see.adoc[] ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) === Message Make sure that this HTTP request is sent safely. ''' == Comments And Links (visible only on this page) === on 9 Dec 2018, 16:04:48 Lars Svensson wrote: https://nodejs.org/api/http.html https://nodejs.org/api/https.html https://www.npmjs.com/package/request - most popular HTTP request module, with 14.7M downloads/week. https://www.npmjs.com/package/axios - another popular library for both client and server side. https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API https://api.jquery.com/category/ajax/ include::../comments-and-links.adoc[] endif::env-github,rspecator-view[]