fix: handle upper case protocol like HTTP or HTTPS (#1806)

fengmk2 · FDrag0n · web-flow · commit 94e8def4bf6a · 2024-03-21T16:36:13.000+08:00
pick from #1805 Co-authored-by: FDrag0n <34733637+FDrag0n@users.noreply.github.com>
diff --git a/__tests__/response/redirect.js b/__tests__/response/redirect.js
@@ -21,6 +21,13 @@ describe('ctx.redirect(url)', () => {
     assert.strictEqual(ctx.status, 302);
   });
 
+  it('should formatting url before redirect', () => {
+    const ctx = context();
+    ctx.redirect('HTTP://google.com\\@apple.coM/okoK');
+    assert.strictEqual(ctx.response.header.location, 'http://google.com/@apple.coM/okoK');
+    assert.strictEqual(ctx.status, 302);
+  });
+
   it('should auto fix not encode url', done => {
     const app = new Koa();
 
diff --git a/lib/response.js b/lib/response.js
@@ -261,7 +261,7 @@ module.exports = {
   redirect(url, alt) {
     // location
     if ('back' === url) url = this.ctx.get('Referrer') || alt || '/';
-    if (url.startsWith('https://') || url.startsWith('http://')) {
+    if (/^https?:\/\//i.test(url)) {
       // formatting url again avoid security escapes
       url = new URL(url).toString();
     }

Original file line number	Diff line number	Diff line change
`@@ -261,7 +261,7 @@ module.exports = {`
`261`	`261`	`redirect(url, alt) {`
`262`	`262`	`// location`
`263`	`263`	`if ('back' === url) url = this.ctx.get('Referrer') \|\| alt \|\| '/';`
`264`		`- if (url.startsWith('https://') \|\| url.startsWith('http://')) {`
	`264`	`+ if (/^https?:\/\//i.test(url)) {`
`265`	`265`	`// formatting url again avoid security escapes`
`266`	`266`	`url = new URL(url).toString();`
`267`	`267`	`}`