node-http-proxy icon indicating copy to clipboard operation
node-http-proxy copied to clipboard
verified publisher icon http-party

Removal of multiple slashes in url

Open luke- opened this issue 10 years ago • 10 comments

If an url contains multiple slashes like /test**//_test2 it will be automatically converted to /test/**_test2 before proxing.

Is this a bug or feature? If it's a feature, is it possible to disable this? :-)

luke- avatar Feb 15 '15 08:02 luke-

I changed

https://github.com/nodejitsu/node-http-proxy/blob/master/lib/http-proxy/common.js#L82

to

outgoing.path = (targetPath !== '') ? common.urlJoin(targetPath, outgoingPath) : outgoingPath;

Now it works for me, but I think the problem still exists when prependPath is enabled.

luke- avatar Feb 15 '15 09:02 luke-

@luke- There are some old issues where we had a lot of people complaining about double slashes which is why the urlJoin method was created. Could you give me the example your using which currently fails? I'd like to cover all the cases as cleanly as possible. Showing me in the form of a test case would be great :smile:

jcrugzz avatar Feb 17 '15 17:02 jcrugzz

@jcrugzz Imo the the proxy itself shouldn't modify the url, also when it's strange :-) My problem was related to a web app which uses path style parameters e.g.http://example.com/controller/action/param1/value1/param2/value2 if value1 is empty in a special case the produced url was http://example.com/controller/action/param1//param2/value2 which couldn't proxied.

luke- avatar Feb 19 '15 14:02 luke-

Another problem is that url.parse('http://something.com/foo/bar?next_url=http://something.com/baz') results in:

{ protocol: 'http:',
  slashes: true,
  auth: null,
  host: 'something.com',
  port: null,
  hostname: 'something.com',
  hash: null,
  search: '?next_url=http://something.com/baz',
  query: 'next_url=http://something.com/baz',
  pathname: '/foo/bar',
  path: '/foo/bar?next_url=http://something.com/baz',
  href: 'http://something.com/foo/bar?next_url=http://something.com/baz' }

Notice that the path contains the querystring. The logic that does double slash replacement mucks up the http:// in the querystring and turns it into http:/.

RFC-3986 section on Query states that / is an allowed character in the query string so it does not need to be percent escaped. The replace code in question should not touch these slashes.

parente avatar Jun 25 '15 16:06 parente

@parente if you can wire up a failing test for me in the tests ill take a stab at making this work for all cases

jcrugzz avatar Jun 25 '15 16:06 jcrugzz

I'll take a crack at a test. I do need to amend my comment above, however: the code does special case the correction of :// in the query string after replacing // to /. But other cases like comment=//testing will still break.

parente avatar Jun 28 '15 01:06 parente

Is this issue still waiting on a failing test case ?

dlandis avatar Jul 28 '17 23:07 dlandis

I faced the same issue: target server that I'm trying to proxy to accepts double slashes

What I'm not following is why after applying Boolean filter you still want to apply regex

  //
  // Join all strings, but remove empty strings so we don't get extra slashes from
  // joining e.g. ['', 'am']
  //
  retSegs = [
    args.filter(Boolean).join('/')
        .replace(/\/+/g, '/')
        .replace('http:/', 'http://')
        .replace('https:/', 'https://')
  ];

Comment explicitly states, that below piece of code wants to remove empty string, and Boolean filter does this

betalb avatar Aug 06 '17 21:08 betalb

Possible fix and test case - https://github.com/http-party/node-http-proxy/pull/1487

imagekitio avatar Nov 23 '20 07:11 imagekitio

I just encountered this issue proxy-ing this request:

curl 'localhost:5173/api/cas/sha256-BMB+QrCK1JZa220ajSr2U6gfUsugun//Dbn+uMj/h7w='

cablehead avatar Oct 30 '24 21:10 cablehead