Skip to content

fix: update Content-Type header when body is re-extracted on redirect #4704

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
brunorodmoreira wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: update Content-Type header when body is re-extracted on redirect #4704

brunorodmoreira wants to merge 1 commit into from

Conversation

@brunorodmoreira
Copy link

@brunorodmoreira brunorodmoreira commented Dec 17, 2025

This relates to...

Fixes #4065

Rationale

When a multipart/form-data POST request encounters a redirect (e.g., 307), the body is re-extracted via safelyExtractBody(), which generates a new boundary. The original code only captured the body [0] and discarded the new Content-Type [1], leaving the header with the stale boundary.

This fix captures the Content-Type returned by safelyExtractBody() and updates the request headers accordingly, ensuring the boundary in the header matches the boundary in the body.

Changes

Features

N/A

Bug Fixes

  • Update Content-Type header when body is re-extracted during redirect handling, ensuring the boundary in the header matches the boundary in the body.

Breaking Changes and Deprecations

N/A

Status

@brunorodmoreira
fix: update Content-Type header when body is re-extracted on redirect
c9bf8b7 
When a multipart/form-data POST request encounters a redirect (e.g., 307),
the body is re-extracted via safelyExtractBody(), which generates a new
boundary. Previously, only the body was captured and the new Content-Type
was discarded, leaving the header with the stale boundary.

This fix captures the Content-Type returned by safelyExtractBody() and
updates the request headers accordingly, ensuring the boundary in the
header matches the boundary in the body.

Fixes: nodejs#4065
@metcoder95 metcoder95 requested a review from KhafraDev December 18, 2025 07:46
KhafraDev
KhafraDev requested changes Dec 18, 2025
View reviewed changes
Copy link
Member

@KhafraDev KhafraDev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is likely a patch for a larger, still unfixed bug. Otherwise I would expect other implementations to have similar issues.

https://fetch.spec.whatwg.org/#http-redirect-fetch

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KhafraDev KhafraDev KhafraDev requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Undici didn't update Content-Type header for multipart/form-data requests after following redirects which leads to mismatch in request body and header

2 participants

@brunorodmoreira @KhafraDev