From f56ef132715362eba1a08449fa168f394aec216e Mon Sep 17 00:00:00 2001 From: Thom Espach Date: Wed, 20 Dec 2023 11:23:06 +0000 Subject: [PATCH] Rewrite download path URL to prevent URI clashes (#181) I have a suspicion that there are clashes with the URI routes because we already have static routes at /security/address-bar-spoofing/ which might be overriding the download-path URL. --- security/address-bar-spoofing/server/routes.js | 2 +- security/address-bar-spoofing/spoof-js-download-url.html | 2 +- server.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/address-bar-spoofing/server/routes.js b/security/address-bar-spoofing/server/routes.js index 4c279ca..0af2166 100644 --- a/security/address-bar-spoofing/server/routes.js +++ b/security/address-bar-spoofing/server/routes.js @@ -3,7 +3,7 @@ const router = express.Router(); // Returns a 301 redirect to a download link of our browser // for use in the download path test -router.get('/download-redirect', (req, res) => { +router.get('/', (req, res) => { res.redirect(301, 'https://staticcdn.duckduckgo.com/macos-desktop-browser/duckduckgo.dmg'); }); diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html index a096bb5..508298b 100644 --- a/security/address-bar-spoofing/spoof-js-download-url.html +++ b/security/address-bar-spoofing/spoof-js-download-url.html @@ -11,7 +11,7 @@ const w = open() w.opener = null w.document.write('

Not DDG.

') - w.location = '/security/address-bar-spoofing/download-redirect' + w.location = '/security/address-bar-spoofing-download-redirect' } diff --git a/server.js b/server.js index 1a2460d..a562c5a 100644 --- a/server.js +++ b/server.js @@ -285,4 +285,4 @@ const viewportRoutes = require('./viewport/server/routes.js'); app.use('/viewport', viewportRoutes); const addressBarSpoofingRoutes = require('./security/address-bar-spoofing/server/routes.js'); -app.use('/security/address-bar-spoofing', addressBarSpoofingRoutes); +app.use('/security/address-bar-spoofing-download-redirect', addressBarSpoofingRoutes);