feat: Properly handle proxy redirection

Author: dplewis

integration/test/ParseServerTest.js

@@ -1,5 +1,8 @@
 'use strict';
 
+const http = require('http');
+const Parse = require('../../node');
+
 describe('ParseServer', () => {
   it('can reconfigure server', async () => {
     let parseServer = await reconfigureServer({ serverURL: 'www.google.com' });
@@ -34,4 +37,20 @@ describe('ParseServer', () => {
     await object.save();
     expect(object.id).toBeDefined();
   });
+
+  it('can forward redirect', async () => {
+    http.createServer(function(_, res) {
+      res.writeHead(301, { Location: 'http://localhost:1337/parse' });
+      res.end();
+    }).listen(8080);
+    const serverURL = Parse.serverURL;
+    Parse.CoreManager.set('SERVER_URL', 'http://localhost:8080/api');
+    const object = new TestObject({ foo: 'bar' });
+    await object.save();
+    const query = new Parse.Query(TestObject);
+    const result = await query.get(object.id);
+    expect(result.id).toBe(object.id);
+    expect(result.get('foo')).toBe('bar');
+    Parse.serverURL = serverURL;
+  });
 });

src/RESTController.ts

@@ -54,6 +54,13 @@ if (typeof XDomainRequest !== 'undefined' && !('withCredentials' in new XMLHttpR
   useXDomainRequest = true;
 }
 
+function getPath(url: string, path: string) {
+  if (url[url.length - 1] !== '/') {
+    url += '/';
+  }
+  return url + path;
+}
+
 function ajaxIE9(method: string, url: string, data: any, _headers?: any, options?: FullOptions) {
   return new Promise((resolve, reject) => {
     // @ts-ignore
@@ -140,6 +147,7 @@ const RESTController = {
           method,
           headers,
           signal,
+          redirect: 'manual',
         };
         if (data) {
           fetchOptions.body = data;
@@ -189,6 +197,9 @@ const RESTController = {
         } else if (status >= 400 && status < 500) {
           const error = await response.json();
           promise.reject(error);
+        } else if (status === 301 || status === 302 || status === 303 || status === 307) {
+          const location = response.headers.get('location');
+          promise.resolve({ status, location, method: status === 303 ? 'GET' : method });
         } else if (status >= 500 || status === 0) {
           // retry on 5XX or library error
           if (++attempts < CoreManager.get('REQUEST_ATTEMPT_LIMIT')) {
@@ -221,12 +232,7 @@ const RESTController = {
 
   request(method: string, path: string, data: any, options?: RequestOptions) {
     options = options || {};
-    let url = CoreManager.get('SERVER_URL');
-    if (url[url.length - 1] !== '/') {
-      url += '/';
-    }
-    url += path;
-
+    const url = getPath(CoreManager.get('SERVER_URL'), path);
     const payload: Partial<PayloadType> = {};
     if (data && typeof data === 'object') {
       for (const k in data) {
@@ -302,15 +308,18 @@ const RESTController = {
         }
 
         const payloadString = JSON.stringify(payload);
-        return RESTController.ajax(method, url, payloadString, {}, options).then(
-          ({ response, status, headers }) => {
-            if (options.returnStatus) {
-              return { ...response, _status: status, _headers: headers };
-            } else {
-              return response;
-            }
+        return RESTController.ajax(method, url, payloadString, {}, options).then(async (result) => {
+          if (result.location) {
+            const newURL = getPath(result.location, path);
+            result = await RESTController.ajax(result.method, newURL, payloadString, {}, options);
+          }
+          const { response, status, headers } = result;
+          if (options.returnStatus) {
+            return { ...response, _status: status, _headers: headers };
+          } else {
+            return response;
           }
-        );
+        });
       })
       .catch(RESTController.handleError);
   },

src/__tests__/RESTController-test.js

@@ -433,4 +433,41 @@ describe('RESTController', () => {
       _SessionToken: '1234',
     });
   });
+
+  it('follows HTTP redirects for batch requests when using a custom SERVER_URL', async () => {
+    // Configure a reverse-proxy style SERVER_URL
+    CoreManager.set('SERVER_URL', 'http://test.host/api');
+
+    // Prepare a minimal batch payload
+    const batchData = {
+      requests: [{
+        method: 'POST',
+        path: '/classes/TestObject',
+        body: { foo: 'bar' }
+      }]
+    };
+
+    // First response: 301 redirect to /parse/batch; second: successful response
+    mockFetch(
+      [
+        { status: 301, response: {} },
+        { status: 200, response: { success: true } }
+      ],
+      { location: 'http://test.host/parse/' }
+    );
+
+    // Issue the batch request
+    const result = await RESTController.request('POST', 'batch', batchData);
+
+    // We expect two fetch calls: one to the original URL, then one to the Location header
+    expect(fetch.mock.calls.length).toBe(2);
+    expect(fetch.mock.calls[0][0]).toEqual('http://test.host/api/batch');
+    expect(fetch.mock.calls[1][0]).toEqual('http://test.host/parse/batch');
+
+    // The final result should be the JSON from the second (successful) response
+    expect(result).toEqual({ success: true });
+
+    // Clean up the custom SERVER_URL
+    CoreManager.set('SERVER_URL', undefined);
+  });
 });