express
Comparing version 4.18.3 to 4.19.0
@@ -37,2 +37,3 @@ /*! | ||
var vary = require('vary'); | ||
var urlParse = require('url').parse; | ||
@@ -915,4 +916,21 @@ /** | ||
var lowerLoc = loc.toLowerCase(); | ||
var encodedUrl = encodeUrl(loc); | ||
if (lowerLoc.indexOf('https://') === 0 || lowerLoc.indexOf('http://') === 0) { | ||
try { | ||
var parsedUrl = urlParse(loc); | ||
var parsedEncodedUrl = urlParse(encodedUrl); | ||
// Because this can encode the host, check that we did not change the host | ||
if (parsedUrl.host !== parsedEncodedUrl.host) { | ||
// If the host changes after encodeUrl, return the original url | ||
return this.set('Location', loc); | ||
} | ||
} catch (e) { | ||
// If parse fails, return the original url | ||
return this.set('Location', loc); | ||
} | ||
} | ||
// set location | ||
return this.set('Location', encodeUrl(loc)); | ||
return this.set('Location', encodedUrl); | ||
}; | ||
@@ -919,0 +937,0 @@ |
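Review bot: The host comparison only runs when `loc` starts with `http://` or `https://`, so any other form (for example a scheme-relative `//host/path`) skips it and still goes through `encodeUrl` unchecked. Both fallback branches also write the raw, unencoded `loc` to the header via `return this.set('Location', loc);`, which trades one inconsistency for another. The check relies on the legacy `url.parse`, whose notion of the host may differ from what a browser derives, so equality here is probably a weaker guarantee than it looks. A sturdier shape would leave the scheme and authority untouched and encode only the remainder. At minimum the branch should carry a comment such as `// NOTE: only absolute http(s) URLs are host-checked; other forms are encoded as-is`. The enclosing function starts outside the hunk, so any validation of `loc` done earlier is not visible here.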
{ | ||
"name": "express", | ||
"description": "Fast, unopinionated, minimalist web framework", | ||
"version": "4.18.3", | ||
"version": "4.19.0", | ||
"author": "TJ Holowaychuk <tj@vision-media.ca>", | ||
@@ -36,3 +36,3 @@ "contributors": [ | ||
"content-type": "~1.0.4", | ||
"cookie": "0.5.0", | ||
"cookie": "0.6.0", | ||
"cookie-signature": "1.0.6", | ||
@@ -39,0 +39,0 @@ "debug": "2.6.9", |
Sorry, the diff of this file is too big to display
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
+ Added cookie@0.6.0 (transitive)
- Removed cookie@0.5.0 (transitive)
Updated cookie@0.6.0