Handle query params correctly for client app urls with no trailing slash #8120
Conversation
|
I'll add some tests for locale only urls to this. |
Codecov Report
@@ Coverage Diff @@
## master mozilla/addons-frontend#8120 +/- ##
=========================================
+ Coverage 98.09% 98.1% +<.01%
=========================================
Files 260 260
Lines 7363 7372 +9
Branches 1331 1333 +2
=========================================
+ Hits 7223 7232 +9
Misses 126 126
Partials 14 14
Continue to review full report at Codecov.
|
|
@willdurand this is ready for another look. |
| @@ -11,12 +11,14 @@ import { getLanguage, isValidLang } from 'core/i18n/utils'; | |||
| import log from 'core/logger'; | |||
|
|
|||
| export function prefixMiddleware(req, res, next, { _config = config } = {}) { | |||
| const URLParts = req.originalUrl.split('?'); | |||
There was a problem hiding this comment.
Could we name the two different parts?
const [path, queryString] = req.originalUrl.split('?');
There was a problem hiding this comment.
I thought about doing that, but it assumes there's 2 parts, and that's not an unreasonable assumption, but if the url had multiple ? we'd lose the later ones using destructuring. Should we throwaway data if a url contains that mistake?
See below for a possible solution.
| isApplicationFromHeader = true; | ||
| } | ||
|
|
||
| // Redirect to the new URL. | ||
| // For safety we'll deny a redirect to a URL starting with '//' since | ||
| // that will be treated as a protocol-free URL. | ||
| const newURL = `/${URLParts.join('/')}`; | ||
| URLParts[0] = `/${URLPathParts.join('/')}`; | ||
| const newURL = URLParts.join('?'); |
There was a problem hiding this comment.
If we have named variables for each url part, then we could build the url as is (I think):
const newURL = [`/${URLParts.join('/')}`, queryString].join('?');This reads a bit better, no?
There was a problem hiding this comment.
Except that in the case of there being no queryString you need to check for it being undefined via the destructuring.
Both of the issues with destructuring are solved if the second parameter is a spread:
function splitURL(url) {
const [path, ...queryString] = url.split('?');
const URLParts = path.replace(/^\//, '').split('/');
const newURL = [`/${URLParts.join('/')}`].concat(queryString).join('?');
return newURL;
}
// Sane Query string
console.log(splitURL('/foo/bar?foo=1'));
// Bad query string
console.log(splitURL('/foo/bar?foo=1?foo=2'));
// No query string
console.log(splitURL('/foo/bar'));Outputs:
/foo/bar?foo=1/foo/bar?foo=1?foo=2/foo/bar
There was a problem hiding this comment.
I'm not sure if that's more readable though...
There was a problem hiding this comment.
ah well, maybe not...
Is a URL with more than one ? valid? I thought this was not possible.
|
As discussed on irc merging as is, we can follow up as needed. |
Fixes mozilla/addons#13207
From local testing (to exercise both the prefix and the trailing slash middleware) this results in the following:
/android?foo=1=>/en-US/android/?foo=1/en-US/android?foo=1=>/en-US/android/?foo=1/en-US?foo=1=>/en-US/firefox/?foo=1