Skip to content

Commit

Permalink
fix(contentful): createUrl now enforces https protocol (#33236)
Browse files Browse the repository at this point in the history
Co-authored-by: Ward Peeters <ward@coding-tech.com>
  • Loading branch information
axe312ger and wardpeet authored Sep 20, 2021
1 parent 4221f54 commit e166cfc
Show file tree
Hide file tree
Showing 6 changed files with 314 additions and 362 deletions.
1 change: 0 additions & 1 deletion packages/gatsby-source-contentful/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@
"lodash": "^4.17.21",
"node-fetch": "^2.6.1",
"p-queue": "^6.6.2",
"qs": "^6.10.1",
"retry-axios": "^2.4.0"
},
"devDependencies": {
Expand Down

This file was deleted.

332 changes: 300 additions & 32 deletions packages/gatsby-source-contentful/src/__tests__/extend-node-type.js

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
const { createRemoteFileNode } = require(`gatsby-source-filesystem`)
const { createUrl } = require(`./extend-node-type`)

/**
* @name distributeWorkload
Expand Down Expand Up @@ -64,7 +65,7 @@ const downloadContentfulAssets = async gatsbyFunctions => {
)
return Promise.resolve()
}
const url = `https://${node.file.url.slice(2)}`
const url = createUrl(node.file.url)

// Avoid downloading the asset again if it's been cached
// Note: Contentful Assets do not provide useful metadata
Expand Down
15 changes: 11 additions & 4 deletions packages/gatsby-source-contentful/src/extend-node-type.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@
const fs = require(`fs`)
const path = require(`path`)
const crypto = require(`crypto`)
const { URLSearchParams } = require(`url`)

const sortBy = require(`lodash/sortBy`)
const {
Expand All @@ -14,7 +15,6 @@ const {
GraphQLJSON,
GraphQLList,
} = require(`gatsby/graphql`)
const qs = require(`qs`)
const { stripIndent } = require(`common-tags`)

const cacheImage = require(`./cache-image`)
Expand Down Expand Up @@ -86,7 +86,8 @@ const getBase64Image = (imageProps, reporter) => {
width: 20,
height: Math.floor(20 * aspectRatio),
}
const requestUrl = `https:${createUrl(imageProps.baseUrl, imageOptions)}`

const requestUrl = createUrl(imageProps.baseUrl, imageOptions)

// Prefer to return data sync if we already have it
const alreadyFetched = resolvedBase64Cache.get(requestUrl)
Expand Down Expand Up @@ -197,8 +198,14 @@ const createUrl = (imgUrl, options = {}) => {
r: cornerRadius || undefined,
}

// Note: qs will ignore keys that are `undefined`. `qs.stringify({a: undefined, b: null, c: 1})` => `b=&c=1`
return `${imgUrl}?${qs.stringify(urlArgs)}`
const searchParams = new URLSearchParams()
for (const paramKey in urlArgs) {
if (typeof urlArgs[paramKey] !== `undefined`) {
searchParams.append(paramKey, urlArgs[paramKey] ?? ``)
}
}

return `https:${imgUrl}?${searchParams.toString()}`
}
exports.createUrl = createUrl

Expand Down
2 changes: 1 addition & 1 deletion yarn.lock
Original file line number Diff line number Diff line change
Expand Up @@ -21113,7 +21113,7 @@ qs@6.7.0:
resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==

qs@^6.1.0, qs@^6.10.1, qs@^6.4.0, qs@^6.5.1, qs@^6.5.2, qs@^6.9.4:
qs@^6.1.0, qs@^6.4.0, qs@^6.5.1, qs@^6.5.2, qs@^6.9.4:
version "6.10.1"
resolved "https://registry.yarnpkg.com/qs/-/qs-6.10.1.tgz#4931482fa8d647a5aab799c5271d2133b981fb6a"
integrity sha512-M528Hph6wsSVOBiYUnGf+K/7w0hNshs/duGsNXPUCLH5XAqjEtiPGwNONLV0tBH8NoGb0mvD5JubnUTrujKDTg==
Expand Down

0 comments on commit e166cfc

Please sign in to comment.