fix(route-rules): prevent open redirect via protocol-relative url bypass

Backport of #4236 (GHSA-9phm-9p8f-hw5m).

A leading `//` after the wildcard prefix (e.g. `/legacy//evil.com`
matched by `/legacy/**: { redirect: "/**" }`) was emitted verbatim,
yielding a protocol-relative `Location: //evil.com` that browsers
resolve against the current scheme. The proxy rule had the symmetric
issue.

Bumps `ufo` to `^1.6.4` (collapses leading slashes inside `withoutBase`)
and adds an inline collapse for the edge case where the rule itself is
`/**` and `_*StripBase` is empty.

Author: pi0

package.json

@@ -155,7 +155,7 @@
     "serve-static": "^2.2.1",
     "source-map": "^0.7.6",
     "std-env": "^4.0.0",
-    "ufo": "^1.6.3",
+    "ufo": "^1.6.4",
     "ultrahtml": "^1.6.0",
     "uncrypto": "^0.1.3",
     "unctx": "^2.5.0",

pnpm-lock.yaml

@@ -39,6 +39,8 @@ export function createRouteRulesHandler(ctx: {
             throw createError({ statusCode: 400 });
           }
           targetPath = withoutBase(targetPath, strpBase);
+        } else if (targetPath.startsWith("//")) {
+          targetPath = targetPath.replace(/^\/+/, "/");
         }
         target = joinURL(target.slice(0, -3), targetPath);
       } else if (event.path.includes("?")) {
@@ -58,6 +60,8 @@ export function createRouteRulesHandler(ctx: {
             throw createError({ statusCode: 400 });
           }
           targetPath = withoutBase(targetPath, strpBase);
+        } else if (targetPath.startsWith("//")) {
+          targetPath = targetPath.replace(/^\/+/, "/");
         }
         target = joinURL(target.slice(0, -3), targetPath);
       } else if (event.path.includes("?")) {

src/runtime/internal/route-rules.ts

@@ -100,13 +100,15 @@ export default defineNitroConfig({
       redirect: { to: "https://nitro.build/", statusCode: 308 },
     },
     "/rules/redirect/wildcard/**": { redirect: "https://nitro.build/**" },
+    "/rules/redirect/legacy/**": { redirect: "/**" },
     "/rules/nested/**": { redirect: "/base", headers: { "x-test": "test" } },
     "/rules/nested/override": { redirect: { to: "/other" } },
     "/rules/_/noncached/cached": { swr: true },
     "/rules/_/noncached/**": { swr: false, cache: false, isr: false },
     "/rules/_/cached/noncached": { cache: false, swr: false, isr: false },
     "/rules/_/cached/**": { swr: true },
     "/api/proxy/**": { proxy: "/api/echo" },
+    "/rules/proxy/legacy/**": { proxy: "/api/wildcard/**" },
     "/build/**": { headers: { "x-build-header": "works" } },
     "**": { headers: { "x-test": "test" } },
   },

test/fixture/nitro.config.ts

@@ -58,6 +58,7 @@ describe("nitro:preset:netlify-legacy", async () => {
 
         expect(redirects).toMatchInlineSnapshot(`
         "/rules/nested/override	/other	302
+        /rules/redirect/legacy/*	/:splat	302
         /rules/redirect/wildcard/*	https://nitro.build/:splat	302
         /rules/redirect/obj	https://nitro.build/	301
         /rules/nested/*	/base	302

test/presets/netlify-legacy.test.ts

@@ -47,6 +47,7 @@ describe("nitro:preset:netlify", async () => {
 
         expect(redirects).toMatchInlineSnapshot(`
         "/rules/nested/override	/other	302
+        /rules/redirect/legacy/*	/:splat	302
         /rules/redirect/wildcard/*	https://nitro.build/:splat	302
         /rules/redirect/obj	https://nitro.build/	301
         /rules/nested/*	/base	302

test/presets/netlify.test.ts

@@ -53,6 +53,13 @@ describe("nitro:preset:vercel", async () => {
                 "src": "/rules/redirect/wildcard/(.*)",
                 "status": 307,
               },
+              {
+                "headers": {
+                  "Location": "/$1",
+                },
+                "src": "/rules/redirect/legacy/(.*)",
+                "status": 307,
+              },
               {
                 "headers": {
                   "Location": "/other",

test/presets/vercel.test.ts

@@ -284,6 +284,15 @@ export function testNitro(
     });
     expect(wildcard.status).toBe(307);
     expect(wildcard.headers.location).toBe("https://nitro.build/nuxt");
+
+    // Regression test for GHSA-9phm-9p8f-hw5m: a leading `//` after the
+    // wildcard prefix must not be forwarded as a protocol-relative URL.
+    const legacy = await callHandler({
+      url: "/rules/redirect/legacy//evil.com",
+    });
+    expect(legacy.status).toBe(307);
+    expect(legacy.headers.location).not.toMatch(/^\/\//);
+    expect(legacy.headers.location).toBe("/evil.com");
   });
 
   it("binary response", async () => {
@@ -552,6 +561,15 @@ export function testNitro(
     expect(data.url).toBe("/api/echo?foo=bar");
   });
 
+  it("runtime proxy collapses leading slashes after wildcard prefix", async () => {
+    // Regression test for GHSA-9phm-9p8f-hw5m: a leading `//` after the
+    // wildcard prefix must not be forwarded verbatim to the upstream.
+    const { data } = await callHandler({
+      url: "/rules/proxy/legacy//evil.com",
+    });
+    expect(data).toBe("evil.com");
+  });
+
   it.skipIf(ctx.preset === "bun" /* TODO */)("stream", async () => {
     const { data } = await callHandler({
       url: "/stream",