SOAP Envelope Namespace Hardcoded -> Non-Standard SOAP Messages Fail to Parse

[ndodanliesarj]

Versions Affected: >= 1.4.0 (works in 1.3.0, broken in 1.4.0)
Environment: Node.js 22, Express

Summary

After upgrading from 0.43.0 → 1.6.x, SOAP messages sent by our system stopped parsing correctly.

The root cause is that the library hardcodes ENV_URI = 'http://schemas.xmlsoap.org/soap/envelope/', and treats only this namespace as a valid SOAP envelope.

However, our system sends SOAP 1.2 envelopes:

http://www.w3.org/2003/05/soap-envelope

When the incoming XML uses a different namespace, onopentag never recognizes <Envelope>, <Header>, or <Body>, causing the entire SOAP body to fail parsing.

In v1.3.0 this did not happen.

Example Broken Incoming Message

<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>...</soap:Header>
  <soap:Body>...</soap:Body>
</soap:Envelope>

node-soap expects only:

http://schemas.xmlsoap.org/soap/envelope/

This is why previously parsed integers (s:int) are now returned as "1" etc(for our case).

Exact Location of the Problem

Inside the SAX open-tag handler (simplified):

const ENV_URI = 'http://schemas.xmlsoap.org/soap/envelope/';

...

if (!objectName && xmlns[envPrefix] && top.name === 'Body' && name !== 'Fault') {...}

Expected Behavior
The library should accept both SOAP 1.1 and SOAP 1.2 envelope namespaces or allow overriding via options.

Valid URIs:

http://schemas.xmlsoap.org/soap/envelope/     (SOAP 1.1)
http://www.w3.org/2003/05/soap-envelope       (SOAP 1.2)

Or provide a configuration option:

{ acceptedEnvelopeURIs: [...] }

[smokhov]

While we need to check what happened between 1.3.0 and 1.4.0, there are options to override and accept SOAP 1.2 headers as well as arbitrary overriding of namespaces. There is a WSDL option "forceSoap12Headers (boolean): Enable SOAP 1.2 compliance". There is also a test:

node-soap/test/server-options-test.js

Line 480 in b25d822

it('should return a SOAP 12 envelope when headers are forced', function (done) {

IIRC, what's in ENV_URI was previously hardcoded directly inline before, so that change would not make it worse than it was before the change, but need to see if a test was missed.

[w666]

@ndodanliesarj

Could you provide example XML payload and WSDL files. If you can't provide them due to IP issues you can try to simply it so we still can replicate the problem. Thanks.

[w666]

@ndodanliesarj

This change 9fd9eca may be related to the issue, could you try to revert it or apply this patch locally

diff --git a/src/wsdl/index.ts b/src/wsdl/index.ts
index 5565d41..fa98bb7 100644
--- a/src/wsdl/index.ts
+++ b/src/wsdl/index.ts
@@ -257,7 +257,7 @@ export class WSDL {
           if (value === XSI_URI) {
               xsiPrefixes.set(name, value);
           }
-          if (value === ENV_URI) {
+          else if (value === ENV_URI) {
               envPrefix = name;
           }
           continue;

or just remove this bit