Make event.url consistent across platforms (URL vs path) #719
Comments
|
Maybe just changing this line would be enough to fix it temporarily We don't really care about the actual value here, we could replace it with something like http://n (same way next is doing it in some places)
I think a more permanent fix would be to ensure that url always have a protocol and an host (that we could replace by dummy values if we can't infer them ). We probably need to change a bunch of things in the routing layer (and the converters) for this to work |
|
IIUC, I don't think that would help? 
|
|
Ho sorry, yeah, we'll need to change the if below as well (i.e. |
|
I don't think that would work as |
|
Ho yeah nevermind. |
Would that defeat "The issue we had with that is that by using trailing slash redirect stuff, an attacker could trigger a redirect to an external url"? (i.e. make the test useless). |
|
I don't really understand how an attacker would forge |
|
It should still work as expected for this specific usecase, this is the original issue : #355 |
Is probably the next step for this bug |
We have an issue with trailing slashes, see opennextjs/opennextjs-cloudflare#312
The reason why this doesn't work is this code:
opennextjs-aws/packages/open-next/src/core/routing/matcher.ts
Lines 258 to 269 in 14b8182
in cloudflare,
event.urlishttp://localhost:8787/...sourl.host !== "localhost"is true (thehostislocalhost:8787).I think that
event.urlis not usually an URL but a path in@opennextjs/aws.However in
@opennextjs/cloudflare,event.urlis actually an URL.See also this code in
cloudflare-node.ts:opennextjs-aws/packages/open-next/src/overrides/wrappers/cloudflare-node.ts
Lines 33 to 38 in 14b8182
@conico974 do you have an idea on how to best fix this?
Thanks!
The text was updated successfully, but these errors were encountered: