From c20fac1a83d8782b873f4355e21aa6b7528116d8 Mon Sep 17 00:00:00 2001 From: Carlos Daniel Vilaseca Date: Wed, 27 Mar 2024 22:29:13 +0000 Subject: [PATCH 1/2] fix: possible invalid url in createActionURL --- packages/core/src/lib/utils/env.ts | 5 +-- packages/core/test/env.test.ts | 52 +++++++++++++++++++++++++++++- 2 files changed, 54 insertions(+), 3 deletions(-) diff --git a/packages/core/src/lib/utils/env.ts b/packages/core/src/lib/utils/env.ts index 0422bb476e..fab73176ff 100644 --- a/packages/core/src/lib/utils/env.ts +++ b/packages/core/src/lib/utils/env.ts @@ -76,8 +76,9 @@ export function createActionURL( const detectedHost = headers.get("x-forwarded-host") ?? headers.get("host") const detectedProtocol = headers.get("x-forwarded-proto") ?? protocol ?? "https" - - url = new URL(`${detectedProtocol}://${detectedHost}`) + const _protocol = detectedProtocol.endsWith(":") ? detectedProtocol : detectedProtocol + ':' + + url = new URL(`${_protocol}//${detectedHost}`) } // remove trailing slash diff --git a/packages/core/test/env.test.ts b/packages/core/test/env.test.ts index f55f843b9f..2937559e12 100644 --- a/packages/core/test/env.test.ts +++ b/packages/core/test/env.test.ts @@ -108,7 +108,7 @@ describe("config is inferred from environment variables", () => { }) describe("createActionURL", () => { - const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => { }) + const consoleWarnSpy = vi.spyOn(console, "warn").mockImplementation(() => {}) afterEach(() => { consoleWarnSpy.mockClear() @@ -161,6 +161,56 @@ describe("createActionURL", () => { }, expected: "https://example.com/auth/signin", }, + { + args: { + action: "signin", + protocol: "http:", + headers: new Headers({ + "x-forwarded-host": "example.com", + }), + env: {}, + basePath: "/auth", + }, + expected: "http://example.com/auth/signin", + }, + { + args: { + action: "signin", + protocol: "https:", + headers: new Headers({ + "x-forwarded-host": "example.com", + }), + env: {}, + basePath: "/auth", + }, + expected: "https://example.com/auth/signin", + }, + { + args: { + action: "signin", + protocol: undefined, + headers: new Headers({ + "x-forwarded-host": "example.com", + "x-forwarded-proto": "https:", + }), + env: {}, + basePath: "/auth", + }, + expected: "https://example.com/auth/signin", + }, + { + args: { + action: "signin", + protocol: undefined, + headers: new Headers({ + "x-forwarded-host": "example.com", + "x-forwarded-proto": "http:", + }), + env: {}, + basePath: "/auth", + }, + expected: "http://example.com/auth/signin", + }, { args: { action: "signout", From a751183c120730e091223aec68f07be398a1842c Mon Sep 17 00:00:00 2001 From: Carlos Daniel Vilaseca Date: Sun, 31 Mar 2024 03:02:34 +0000 Subject: [PATCH 2/2] fix: x-forwarded-proto goes without colon --- packages/core/test/env.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/core/test/env.test.ts b/packages/core/test/env.test.ts index 2937559e12..78a03c18ff 100644 --- a/packages/core/test/env.test.ts +++ b/packages/core/test/env.test.ts @@ -191,7 +191,7 @@ describe("createActionURL", () => { protocol: undefined, headers: new Headers({ "x-forwarded-host": "example.com", - "x-forwarded-proto": "https:", + "x-forwarded-proto": "https", }), env: {}, basePath: "/auth", @@ -204,7 +204,7 @@ describe("createActionURL", () => { protocol: undefined, headers: new Headers({ "x-forwarded-host": "example.com", - "x-forwarded-proto": "http:", + "x-forwarded-proto": "http", }), env: {}, basePath: "/auth",