From a919acca6832b6b14134428241859a7b39d2d1c3 Mon Sep 17 00:00:00 2001 From: ahmed oueslati <72260223+ahmed-oues@users.noreply.github.com> Date: Mon, 13 Jan 2025 13:04:27 +0100 Subject: [PATCH 1/2] Relax parseOrigin validation to allow paths withe "/" --- lib/core/util.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/core/util.js b/lib/core/util.js index dfefac6d15c..13fa4e8fdf4 100644 --- a/lib/core/util.js +++ b/lib/core/util.js @@ -241,7 +241,7 @@ function parseURL (url) { function parseOrigin (url) { url = parseURL(url) - if (url.pathname !== '/' || url.search || url.hash) { + if (url.search || url.hash) { throw new InvalidArgumentError('invalid url') } From f175a7317f68bebc1fee09280d03b5a7bee4bb8f Mon Sep 17 00:00:00 2001 From: ahmed oueslati <72260223+ahmed-oues@users.noreply.github.com> Date: Tue, 14 Jan 2025 12:49:30 +0100 Subject: [PATCH 2/2] Add unit tests for parseOrigin function --- test/issue-3999.js | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 test/issue-3999.js diff --git a/test/issue-3999.js b/test/issue-3999.js new file mode 100644 index 00000000000..c4552a13417 --- /dev/null +++ b/test/issue-3999.js @@ -0,0 +1,34 @@ +'use strict' + +const { test } = require('node:test') +const assert = require('node:assert') +const { parseOrigin } = require('../lib/core/util') + +// Test cases for parseOrigin functionality +test('parseOrigin allows URLs with paths and rejects invalid ones', async (t) => { + // Valid URL with path + const validUrl = 'https://api.domain.com/elastic' + const result = parseOrigin(validUrl) + assert.strictEqual(result.href, validUrl, 'Should return the input URL with the path for valid cases') + + // Invalid URL with query string + const invalidQueryUrl = 'https://api.domain.com/elastic?query=test' + assert.throws( + () => parseOrigin(invalidQueryUrl), + /InvalidArgumentError/, + 'Should throw InvalidArgumentError for URLs with query strings' + ) + + // Invalid URL with fragment + const invalidFragmentUrl = 'https://api.domain.com/elastic#section' + assert.throws( + () => parseOrigin(invalidFragmentUrl), + /InvalidArgumentError/, + 'Should throw InvalidArgumentError for URLs with fragments' + ) + + // Valid URL without path + const validSimpleUrl = 'https://api.domain.com' + const simpleResult = parseOrigin(validSimpleUrl) + assert.strictEqual(simpleResult.href, `${validSimpleUrl}/`, 'Should return the input URL with the trailing slash') +})