Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-03-23 00:16:25 +01:00
Code Issues Projects Releases Wiki Activity

fix: remove consecutive slashes (#3882)

Browse Source 
A small middleware who will rewrite potential dual slashes to a single slash.
This commit is contained in:
Mateusz Kwasniewski 2023-05-27 18:16:51 +02:00 committed by GitHub
parent 52904ee038
commit 5534e4deeb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/lib/app.ts
View File

@ -66,6 +66,11 @@ export default async function getApp(
app.use(compression());
app.use(cookieParser());
app.use((req, res, next) => {
req.url = req.url.replace(/\/+/g, '/');
next();
});
app.use(
`${baseUriPath}/api/admin/features-batch`,
express.json({ strict: false, limit: '500kB' }),

5
src/test/e2e/api/auth/leading-slashes-are-stripped.e2e.test.ts
View File

@ -29,6 +29,11 @@ afterAll(async () => {
await db.destroy();
});
test('Access to//api/admin/tags are refused no matter how many leading slashes', async () => {
await app.request.get('//api/admin/tags').expect(401);
await app.request.get('////api/admin/tags').expect(401);
});
test('Access to /api/client/features are refused no matter how many leading slashes', async () => {
await app.request.get('/api/client/features').expect(401);
await app.request.get('/////api/client/features').expect(401);