Skip to content

fix: use relative path in native contract redirect#471

Merged
0237h merged 1 commit intomainfrom
fix/native-redirect-scheme
Apr 15, 2026
Merged

fix: use relative path in native contract redirect#471
0237h merged 1 commit intomainfrom
fix/native-redirect-scheme

Conversation

@0237h
Copy link
Copy Markdown
Collaborator

@0237h 0237h commented Apr 15, 2026

Summary

  • Native contract/mint redirect middleware used the full request URL (including scheme) for the redirect target
  • Behind a reverse proxy, the internal URL uses http://, causing the 302 redirect to downgrade clients from https:// to http://
  • Fix: use relative path + query string only for the redirect, preserving the client's original scheme

Affects both EVM (nativeContractRedirect) and SVM (nativeMintRedirect).

🤖 Generated with Claude Code

@0237h @claude
fix: use relative path in native contract redirect to avoid http sche…
b8ef805 
…me leak

Behind a reverse proxy, c.req.url uses the internal http:// scheme.
Redirecting with the full URL causes clients to follow an http link
instead of https. Use pathname + query only for the redirect target.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@YaroShkvorets YaroShkvorets temporarily deployed to fix/native-redirect-scheme - token-api PR #471 April 15, 2026 16:16 — with Render Destroyed
@0237h 0237h requested a review from Copilot April 15, 2026 16:16
Copilot AI reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the native-address redirect middleware to avoid scheme downgrades when running behind a reverse proxy by redirecting to a relative URL (path + query) instead of a fully-qualified URL.

Changes:

  • Build redirect targets as ${pathname}/native plus the remaining query string (no scheme/host) for both EVM and SVM middleware.
  • Extend middleware tests to assert redirects are relative and add test coverage for nativeMintRedirect.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
src/middleware/nativeContractRedirect.ts Switch redirect target construction to relative URLs for both nativeContractRedirect (EVM) and nativeMintRedirect (SVM).
src/middleware/nativeContractRedirect.spec.ts Add assertions that redirects do not include scheme/host and add new tests for nativeMintRedirect.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@0237h 0237h merged commit 4e47a3a into main Apr 15, 2026
6 of 7 checks passed
@0237h 0237h deleted the fix/native-redirect-scheme branch April 15, 2026 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@0237h @YaroShkvorets