fix: formatting redirect url on http(s) protocol url (koajs#1804)
closes koajs#1800

pick from koajs#1803
fengmk2 authored and etroynov committed Apr 1, 2024
1 parent 66e2890 commit 69932e3
Showing 2 changed files with 17 additions and 6 deletions.
19 changes: 13 additions & 6 deletions __tests__/response/redirect.js
@@ -9,7 +9,14 @@ describe('ctx.redirect(url)', () => {
it('should redirect to the given url', () => {
const ctx = context()
ctx.redirect('http://google.com')
assert.strictEqual(ctx.response.header.location, 'http://google.com')
assert.strictEqual(ctx.response.header.location, 'http://google.com/')
assert.strictEqual(ctx.status, 302)
})

it('should formatting url before redirect', () => {
const ctx = context()
ctx.redirect('http://google.com\\@apple.com')
assert.strictEqual(ctx.response.header.location, 'http://google.com/@apple.com')
assert.strictEqual(ctx.status, 302)
})

@@ -61,7 +68,7 @@ describe('ctx.redirect(url)', () => {
describe('when html is accepted', () => {
it('should respond with html', () => {
const ctx = context()
const url = 'http://google.com'
const url = 'http://google.com/'
ctx.header.accept = 'text/html'
ctx.redirect(url)
assert.strictEqual(ctx.response.header['content-type'], 'text/html; charset=utf-8')
@@ -85,7 +92,7 @@ describe('ctx.redirect(url)', () => {
const url = 'http://google.com'
ctx.header.accept = 'text/plain'
ctx.redirect(url)
assert.strictEqual(ctx.body, `Redirecting to ${url}.`)
assert.strictEqual(ctx.body, `Redirecting to ${url}/.`)
})
})

@@ -97,7 +104,7 @@ describe('ctx.redirect(url)', () => {
ctx.header.accept = 'text/plain'
ctx.redirect('http://google.com')
assert.strictEqual(ctx.status, 301)
assert.strictEqual(ctx.body, `Redirecting to ${url}.`)
assert.strictEqual(ctx.body, `Redirecting to ${url}/.`)
})
})

@@ -109,7 +116,7 @@ describe('ctx.redirect(url)', () => {
ctx.header.accept = 'text/plain'
ctx.redirect('http://google.com')
assert.strictEqual(ctx.status, 302)
assert.strictEqual(ctx.body, `Redirecting to ${url}.`)
assert.strictEqual(ctx.body, `Redirecting to ${url}/.`)
})
})

@@ -121,7 +128,7 @@ describe('ctx.redirect(url)', () => {
ctx.header.accept = 'text/plain'
ctx.redirect('http://google.com')
assert.strictEqual(ctx.status, 302)
assert.strictEqual(ctx.body, `Redirecting to ${url}.`)
assert.strictEqual(ctx.body, `Redirecting to ${url}/.`)
assert.strictEqual(ctx.type, 'text/plain')
})
})
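Review bot: The new case 'should formatting url before redirect' pins only one input shape, a lowercase `http://` prefix with a backslash before `@`, so nothing here covers an absolute URL that fails to parse or a scheme written in another case, which are the inputs the new guard in lib/response.js handles differently. An assertion such as `assert.throws(() => ctx.redirect('http://'), TypeError)`, or whatever behaviour is actually intended for a malformed URL, would make that contract explicit. As a style point, the text/plain cases keep `url` as `'http://google.com'` and append the slash by hand in the expectation (`${url}/.`), while the html case changes the constant itself to `'http://google.com/'`; using one approach throughout would be easier to read. The declarations of `url` for the 301/302 cases sit outside the visible hunks.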
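--- a/lib/response.js
+++ b/lib/response.js
@@ -266,6 +266,10 @@ module.exports = {
 redirect (url, alt) {
 // location
 if (url === 'back') url = this.ctx.get('Referrer') || alt || '/'
+if (url.startsWith('https://') || url.startsWith('http://')) {
+// formatting url again avoid security escapes
+url = new URL(url).toString()
+}
 this.set('Location', encodeUrl(url))
 
 // status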
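Review bot: The added guard `url.startsWith('https://') || url.startsWith('http://')` is case-sensitive, so an absolute URL whose scheme is written in another case skips the `new URL(url).toString()` normalization and goes to `encodeUrl` as given, even though URL parsers match the scheme case-insensitively; `if (/^https?:\/\//i.test(url)) {` would cover it. `new URL(url)` also throws a TypeError on a malformed absolute URL, which looks like a new failure mode for `redirect`, so it probably wants a try/catch or a documented contract. The comment would be clearer as `// re-serialize absolute URLs so Location matches what a WHATWG URL parser resolves (e.g. backslashes become slashes)`. Note that this only normalizes the string and does not validate the destination: with `url === 'back'` the value comes from the Referrer request header, so callers still need their own host allow-list. The body of `redirect` continues past the end of this hunk.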
