fix: handle upper case protocol like HTTP or HTTPS (#1805)

Co-authored-by: fengmk2 <suqian.yf@antgroup.com>
2024-03-21 16:23:36 +08:00
parent 435534aa08
commit 185e701a8a
2 changed files with 8 additions and 1 deletions
--- a/tests/response/redirect.js
+++ b/tests/response/redirect.js
@@ -20,6 +20,13 @@ describe('ctx.redirect(url)', () => {
    assert.strictEqual(ctx.status, 302)
  })

+  it('should formatting url before redirect', () => {
+    const ctx = context()
+    ctx.redirect('HTTP://google.com\\@apple.com')
+    assert.strictEqual(ctx.response.header.location, 'http://google.com/@apple.com')
+    assert.strictEqual(ctx.status, 302)
+  })
+
  it('should auto fix not encode url', done => {
    const app = new Koa()

--- a/lib/response.js
+++ b/lib/response.js
@@ -266,7 +266,7 @@ module.exports = {
  redirect (url, alt) {
    // location
    if (url === 'back') url = this.ctx.get('Referrer') || alt || '/'
-    if (url.startsWith('https://') || url.startsWith('http://')) {
+    if (/^https?:\/\//i.test(url)) {
      // formatting url again avoid security escapes
      url = new URL(url).toString()
    }