fastify-static
Comparing version 4.4.0 to 4.4.1
20
index.js
@@ -155,3 +155,7 @@ 'use strict' | ||
if (opts.redirect === true) { | ||
reply.redirect(301, getRedirectUrl(request.raw.url)) | ||
try { | ||
reply.redirect(301, getRedirectUrl(request.raw.url)) | ||
} catch (error) { | ||
reply.send(error) | ||
} | ||
} else { | ||
@@ -447,4 +451,14 @@ reply.callNotFound() | ||
function getRedirectUrl (url) { | ||
const parsed = new URL(url, 'http://localhost.com/') | ||
return parsed.pathname + (parsed.pathname[parsed.pathname.length - 1] !== '/' ? '/' : '') + (parsed.search || '') | ||
if (url.startsWith('//') || url.startsWith('/\\')) { | ||
// malicous redirect | ||
return '/' | ||
} | ||
try { | ||
const parsed = new URL(url, 'http://localhost.com/') | ||
return parsed.pathname + (parsed.pathname[parsed.pathname.length - 1] !== '/' ? '/' : '') + (parsed.search || '') | ||
} catch (error) { | ||
const err = new Error(`Invalid redirect URL: ${url}`) | ||
err.statusCode = 400 | ||
throw err | ||
} | ||
} | ||
@@ -451,0 +465,0 @@ |
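Review bot: In getRedirectUrl the `//` and `/\` prefix test runs on the raw `url`, but the returned value is built from `parsed.pathname`, which the URL parser has already normalized (dot segments resolved, backslashes turned into slashes), so a normalized path that begins with `//` could still be emitted as the Location target. Re-checking the result closes that gap: build `const target = parsed.pathname + …` as today, then `return target.startsWith('//') ? '/' : target`. Separately, the 400 error message interpolates the raw `url`, and the `reply.send(error)` added in the first hunk returns it to the client; a fixed message such as `'Invalid redirect URL'` would avoid reflecting request data. Whether such a path can reach the redirect branch depends on routing code outside the visible hunks.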
{ | ||
"name": "fastify-static", | ||
"version": "4.4.0", | ||
"version": "4.4.1", | ||
"description": "Plugin for serving static files as fast as possible.", | ||
@@ -10,7 +10,7 @@ "main": "index.js", | ||
"lint:fix": "standard --fix", | ||
"unit": "tap test/*.test.js", | ||
"unit": "tap --no-check-coverage test/*.test.js", | ||
"typescript": "tsd", | ||
"test": "npm run lint && npm run unit && npm run typescript", | ||
"example": "node example/server.js", | ||
"coverage": "tap --cov --coverage-report=html test", | ||
"coverage": "tap --cov --coverage-report=html --no-check-coverage test", | ||
"coveralls": "tap test/*test.js test/*/*.test.js --cov" | ||
@@ -17,0 +17,0 @@ }, |
Sorry, the diff of this file is too big to display