fix: handle upper case protocol like HTTP or HTTPS (koajs#1805)

FDrag0n · fengmk2 · etroynov · commit 14db9f26074a · 2024-04-01T13:07:46.000+02:00
Co-authored-by: fengmk2 &lt;suqian.yf@antgroup.com&gt;
diff --git a/__tests__/response/redirect.js b/__tests__/response/redirect.js
@@ -20,6 +20,13 @@ describe('ctx.redirect(url)', () => {
     assert.strictEqual(ctx.status, 302)
   })
 
+  it('should formatting url before redirect', () => {
+    const ctx = context()
+    ctx.redirect('HTTP://google.com\\@apple.com')
+    assert.strictEqual(ctx.response.header.location, 'http://google.com/@apple.com')
+    assert.strictEqual(ctx.status, 302)
+  })
+
   it('should auto fix not encode url', done => {
     const app = new Koa()
 
diff --git a/lib/response.js b/lib/response.js
@@ -266,7 +266,7 @@ module.exports = {
   redirect (url, alt) {
     // location
     if (url === 'back') url = this.ctx.get('Referrer') || alt || '/'
-    if (url.startsWith('https://') || url.startsWith('http://')) {
+    if (/^https?:\/\//i.test(url)) {
       // formatting url again avoid security escapes
       url = new URL(url).toString()
     }

Original file line number	Diff line number	Diff line change
`@@ -266,7 +266,7 @@ module.exports = {`
`266`	`266`	`redirect (url, alt) {`
`267`	`267`	`// location`
`268`	`268`	`if (url === 'back') url = this.ctx.get('Referrer') \|\| alt \|\| '/'`
`269`		`- if (url.startsWith('https://') \|\| url.startsWith('http://')) {`
	`269`	`+ if (/^https?:\/\//i.test(url)) {`
`270`	`270`	`// formatting url again avoid security escapes`
`271`	`271`	`url = new URL(url).toString()`
`272`	`272`	`}`