New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Navigating to http://localhost// causes a security exception #243
Comments
Well, either the browsers |
We should probably handle this on our side to keep consistent behavior between what happens with the History API and what happens when using the full refresh fallback. |
So close this issue and reopen remix-run/react-router#3168 ? |
No – it still needs to be handled on the Among other things, |
All I'm saying is we should probably just |
Via an |
I decided to handle this via a warning instead. We already warn about paths with protocols and/or domains attached. Protocol-relative URLs are just another case of the same problem. |
The drawback with only warning is that it doesn't account for weird URLs linking to your app or site. So we've had to patch this issue in our wrapper around |
@necolas What does your patch do? Do you try to guess the right URL and redirect? |
This is what we do: import { useRouterHistory } from 'react-router';
import createBrowserHistory from 'history/lib/createBrowserHistory';
import useScroll from '../scroll-behavior';
const REGEX_LEADING_SLASHES = /^\/\/+/;
/**
* Fixes relative paths with multiple leading slashes
*/
export const fixProtocolRelativeUrls = (history, location) => {
const { pathname, search, hash } = location;
if (pathname && REGEX_LEADING_SLASHES.test(pathname)) {
const normalizedPathname = pathname.replace(leadingSlashes, '/');
const newPath = normalizedPathname + search + hash;
history.replace(newPath);
}
};
let history;
const _createBrowserHistory = () => {
if (!history) {
history = useScroll(useRouterHistory(createBrowserHistory));
fixProtocolRelativeUrls(history, window.location);
}
return history;
};
export default _createBrowserHistory(); |
Originally from: remix-run/react-router#3168
When attempting to set pathname to "//" you will receive a security error similar to the following:
Uncaught SecurityError: Failed to execute 'replaceState' on 'History': A history state object with URL 'http:' cannot be created in a document with origin 'http://localhost'.
This is because it attempts to push // onto the history, which is interpreted as a scheme-relative URL.
The text was updated successfully, but these errors were encountered: