From 94e8def4bf6a2bdabe96583de989f03d75106648 Mon Sep 17 00:00:00 2001
From: fengmk2
Date: Thu, 21 Mar 2024 16:36:13 +0800
Subject: [PATCH] fix: handle upper case protocol like HTTP or HTTPS (#1806)

pick from https://github.com/koajs/koa/pull/1805

Co-authored-by: FDrag0n <34733637+FDrag0n@users.noreply.github.com>
---
 __tests__/response/redirect.js | 7 +++++++
 lib/response.js | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/__tests__/response/redirect.js b/__tests__/response/redirect.js
index db2844460..5ef41d133 100644
--- a/__tests__/response/redirect.js
+++ b/__tests__/response/redirect.js
@@ -21,6 +21,13 @@ describe('ctx.redirect(url)', () => {
 assert.strictEqual(ctx.status, 302);
 });
 
+ it('should formatting url before redirect', () => {
+ const ctx = context();
+ ctx.redirect('HTTP://google.com\\@apple.coM/okoK');
+ assert.strictEqual(ctx.response.header.location, 'http://google.com/@apple.coM/okoK');
+ assert.strictEqual(ctx.status, 302);
+ });
+
 it('should auto fix not encode url', done => {
 const app = new Koa();
 
diff --git a/lib/response.js b/lib/response.js
index 2eec2dc26..65aa8ec63 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -261,7 +261,7 @@ module.exports = {
 redirect(url, alt) {
 // location
 if ('back' === url) url = this.ctx.get('Referrer') || alt || '/';
- if (url.startsWith('https://') || url.startsWith('http://')) {
+ if (/^https?:\/\//i.test(url)) {
 // formatting url again avoid security escapes
 url = new URL(url).toString();
 }
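Review bot: The added test covers only the upper-case `HTTP://` form, although the patched check in `lib/response.js` also accepts `https` and mixed-case schemes. A second case such as `ctx.redirect('HTTPS://google.com\\@apple.coM/okoK')`, asserting `'https://google.com/@apple.coM/okoK'` as the `location`, would pin the `s?` branch so a later edit to the pattern cannot silently drop it. The test title would also read better as `'should format url before redirect'`.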
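Review bot: The `/^https?:\/\//i` guard in `redirect()` still decides whether normalisation happens by looking only at the first characters, so values with no http(s) scheme at position 0 (protocol-relative `//host` forms, or a value with leading whitespace) skip `new URL(url).toString()` entirely. `new URL(url)` also throws a `TypeError` on an unparseable value, and nothing in the hunk catches it, so a request-derived target would presumably surface as a server error. Since the step only canonicalises the URL and does not restrict the destination host, the existing comment could say so, e.g. `// normalise absolute http(s) URLs only; callers must still validate the target host for user-supplied values`. The body of `redirect()` continues past the hunk, so later handling may already cover part of this.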