Skip to content
Permalink
Browse files

url: drop auth in `url.resolve()` if host changes

Fixes: #1435
PR-URL: #1480
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
  • Loading branch information...
rlidwka authored and jasnell committed Apr 20, 2015
1 parent 3ee68f7 commit eb4201f07a1b1f430ddf4efad4f276f3088def97
Showing with 24 additions and 5 deletions.
  1. +9 −4 lib/url.js
  2. +15 −1 test/parallel/test-url.js
@@ -754,6 +754,7 @@ Url.prototype.resolveObject = function(relative) {
if (relative.protocol) {
relative.hostname = null;
relative.port = null;
result.auth = null;
if (relative.host) {
if (relPath[0] === '') relPath[0] = relative.host;
else relPath.unshift(relative.host);
@@ -765,10 +766,14 @@ Url.prototype.resolveObject = function(relative) {

if (isRelAbs) {
// it's absolute.
result.host = (relative.host || relative.host === '') ?
relative.host : result.host;
result.hostname = (relative.hostname || relative.hostname === '') ?
relative.hostname : result.hostname;
if (relative.host || relative.host === '') {
result.host = relative.host;
result.auth = null;
}
if (relative.hostname || relative.hostname === '') {
result.hostname = relative.hostname;
result.auth = null;
}
result.search = relative.search;
result.query = relative.query;
srcPath = relPath;
@@ -1538,7 +1538,21 @@ var relativeTests2 = [
//changeing auth
['http://diff:auth@www.example.com',
'http://asdf:qwer@www.example.com',
'http://diff:auth@www.example.com/']
'http://diff:auth@www.example.com/'],

// https://github.com/nodejs/node/issues/1435
['https://another.host.com/',
'https://user:password@example.org/',
'https://another.host.com/'],
['//another.host.com/',
'https://user:password@example.org/',
'https://another.host.com/'],
['http://another.host.com/',
'https://user:password@example.org/',
'http://another.host.com/'],
['mailto:another.host.com',
'mailto:user@example.org',
'mailto:another.host.com'],
];
relativeTests2.forEach(function(relativeTest) {
const a = url.resolve(relativeTest[1], relativeTest[0]);

0 comments on commit eb4201f

Please sign in to comment.
You can’t perform that action at this time.