fix(transition): correct relative paths, redirect middleware #432

Merged
merged 2 commits into from
Aug 19, 2020

LoneRifle
Contributor

@LoneRifle LoneRifle commented Aug 19, 2020

Problem

Closes #427

Solution

  • Ensure all requested assets are relative to the site root
  • Add cdn.jsdelivr.net to the CSP allow list for SGDS resources
  • Ensure that only GETs to /short-url and nothing else are redirected, everything else is 404

Screenshots

# Before
::ffff:127.0.0.1 - [19/Aug/2020:01:24:05 +0000] "GET /haha/assets HTTP/1.1" 302 "https://google.com" "-" 80 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 2.625 ms
# After
::ffff:127.0.0.1 - [19/Aug/2020:01:41:12 +0000] "GET /haha/assets HTTP/1.1" 404 "-" "-" 1780 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 9.094 ms
::ffff:127.0.0.1 - [19/Aug/2020:01:56:24 +0000] "GET /haha/ HTTP/1.1" 302 "https://google.com" "-" 80 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" 61.161 ms

- Ensure all requested assets are relative to the site root
- Add cdn.jsdelivr.net to the CSP allow list for SGDS resources
app.use applies to all requests that match a given path, including
requests to subpaths. This results in redirects for URLs that are
incorrect, including `/short-url/unwanted/path`.

Correct this by specifying that only GETs to short URL paths should
be handled.
@LoneRifle LoneRifle changed the title fix(transition): correct relative paths fix(transition): correct relative paths, redirect middleware Aug 19, 2020
Member

@yong-jie yong-jie left a comment

lgtm!

@LoneRifle LoneRifle merged commit e6a3c77 into develop Aug 19, 2020
@yong-jie yong-jie deleted the fix/transition/correct-rel-paths branch September 8, 2020 08:58
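
The matching difference described in the second commit message, as an added example that is not the project's code: a simplified model of prefix-mounted middleware (as with `app.use`) beside a GET-only, exact-path route. The function names and the `SHORT_URLS` mapping are hypothetical; the sample paths are constructed from the log lines in the PR description.

```javascript
// Added illustration: simplified model of prefix-mounted middleware versus
// a method- and path-specific route. Not the project's code.

// Constructed sample mapping, taken from the redirect seen in the PR's logs.
const SHORT_URLS = new Map([['haha', 'https://google.com']]);

// Split a request path into non-empty segments, ignoring any query string.
function segments(path) {
  return path.split('?')[0].split('/').filter(Boolean);
}

// "Before": prefix matching, as with middleware mounted via app.use.
// Any method and any subpath under a known short URL is redirected.
function prefixMounted(method, path) {
  const [first] = segments(path);
  const target = SHORT_URLS.get(first);
  return target ? { status: 302, location: target } : { status: 404 };
}

// "After": only GET, and only when the path is exactly one segment
// (a trailing slash is tolerated, as in the "GET /haha/" log line).
function getOnlyExact(method, path) {
  const parts = segments(path);
  if (method !== 'GET' || parts.length !== 1) return { status: 404 };
  const target = SHORT_URLS.get(parts[0]);
  return target ? { status: 302, location: target } : { status: 404 };
}

// Constructed requests, modelled on the paths in the PR description.
const SAMPLE_REQUESTS = [
  ['GET', '/haha'],
  ['GET', '/haha/'],
  ['GET', '/haha/assets'],
  ['POST', '/haha'],
];

// Status each request gets under the two matching rules.
function compare(requests = SAMPLE_REQUESTS) {
  return requests.map(([method, path]) => ({
    request: `${method} ${path}`,
    before: prefixMounted(method, path).status,
    after: getOnlyExact(method, path).status,
  }));
}

console.table(compare());
```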
Development

Successfully merging this pull request may close these issues.

CSP errors when accessing shortlinks with a trailing slash
2 participants