From 185e701a8a1a1277d7df976a0598b7a27ebc789e Mon Sep 17 00:00:00 2001
From: FDrag0n <34733637+FDrag0n@users.noreply.github.com>
Date: Thu, 21 Mar 2024 16:23:36 +0800
Subject: [PATCH] fix: handle upper case protocol like HTTP or HTTPS (#1805)
Co-authored-by: fengmk2
---
 __tests__/response/redirect.js | 7 +++++++
 lib/response.js | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/__tests__/response/redirect.js b/__tests__/response/redirect.js
index 0d257c8be..cdd234270 100644
--- a/__tests__/response/redirect.js
+++ b/__tests__/response/redirect.js
@@ -20,6 +20,13 @@ describe('ctx.redirect(url)', () => {
 assert.strictEqual(ctx.status, 302)
 })
+ it('should formatting url before redirect', () => {
+ const ctx = context()
+ ctx.redirect('HTTP://google.com\\@apple.com')
+ assert.strictEqual(ctx.response.header.location, 'http://google.com/@apple.com')
+ assert.strictEqual(ctx.status, 302)
+ })
+
 it('should auto fix not encode url', done => {
 const app = new Koa()
diff --git a/lib/response.js b/lib/response.js
index fbfe303e3..cbe587142 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -266,7 +266,7 @@ module.exports = {
 redirect (url, alt) {
 // location
 if (url === 'back') url = this.ctx.get('Referrer') || alt || '/'
- if (url.startsWith('https://') || url.startsWith('http://')) {
+ if (/^https?:\/\//i.test(url)) {
 // formatting url again avoid security escapes
 url = new URL(url).toString()
 }
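Review bot: The added test in `__tests__/response/redirect.js` exercises only the all-caps `HTTP://` spelling, so the `s?` branch and the mixed-case inputs that the new `i` flag accepts are not pinned by any assertion. I would add a second case such as `ctx.redirect('HTTPS://google.com\\@apple.com')` with the expected `'https://google.com/@apple.com'`, and one with a mixed-case scheme. The title would also read better if it named what is being checked, for example `it('should normalize url with upper-case protocol before redirect', ...)`.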
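Review bot: The guard in `redirect` (`lib/response.js`) still chooses inputs by textual prefix, so only values that spell out `http://` or `https://` are re-serialised through `new URL`. Any other value, including the `Referrer` header used for `'back'`, appears to skip this normalisation; the rest of the function lies outside the hunk, so what happens to it afterwards cannot be confirmed here. Normalising is also not validating: the parsed URL can still name any host, so callers that pass user-supplied targets need their own destination allowlist. The existing comment would be clearer as `// re-serialise with WHATWG URL so Location matches what the browser will parse; this does not restrict the destination host`. Separately, `new URL(url)` throws a `TypeError` on unparsable input and more spellings now reach it, so it is worth confirming that this surfaces as an intended error response.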