-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Uri#parse can break path-component #45515
Comments
I dug into this a bit today, and it's caused by the I'm not sure what the right fix is, but special-casing http(s) schemes (vs. file), and not calling it for Maybe the right thing is to not decode at all until you need to reproduce the URI as a string. I note that in the browser, this is what happens: new URL("https://firebasestorage.googleapis.com/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg?alt=media&token=0b2310c4-3ea6-4207-bbde-9c3710ba0437").pathname
"/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg" Same in node: require('url').parse('https://firebasestorage.googleapis.com/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg?alt=media&token=0b2310c4-3ea6-4207-bbde-9c3710ba0437').pathname
'/v0/b/brewlangerie.appspot.com/o/products%2FzVNZkudXJyq8bPGTXUxx%2FBetterave-Sesame.jpg' |
cc'ing @jrieken, who git shows to have been active on this code, and might have thoughts. |
/duplicate of #25852 |
Sorry, this actually is not a duplicate of #25852 |
%2F
fixed via #73849 |
This unfortunately had to be reverted and reopened. The fix introduced a bunch of bad regressions that we couldn't easily fix. We revert to the old behaviour and we need to get back to the drawing board, however no easy solution exists... |
Fixed via #83060. There is still a caveat when calling parse and accessing the components of an URI because those are decoded (see this test which documents the current behaviour). This is for compatibility reasons. Anyways, calling toString will return the correct result and do the right thing when opened in a browser etc |
re-opened via 58479e8 |
Thanks for creating this issue! We figured it's covering the same as another one we already have. Thus, we closed this one as a duplicate. You can search for existing issues here. See also our issue reporting guidelines. Happy Coding! |
Steps to Reproduce:
%2F
are not preserved and are replaced with/
, causing the request to failDoes this issue occur when all extensions are disabled?: Yes
The text was updated successfully, but these errors were encountered: