diff --git a/__tests__/response/redirect.js b/__tests__/response/redirect.js
index db2844460..5ef41d133 100644
--- a/__tests__/response/redirect.js
+++ b/__tests__/response/redirect.js
@@ -21,6 +21,13 @@ describe('ctx.redirect(url)', () => {
assert.strictEqual(ctx.status, 302);
});
+ it('should formatting url before redirect', () => {
+ const ctx = context();
+ ctx.redirect('HTTP://google.com\\@apple.coM/okoK');
+ assert.strictEqual(ctx.response.header.location, 'http://google.com/@apple.coM/okoK');
+ assert.strictEqual(ctx.status, 302);
+ });
+ it('should auto fix not encode url', done => { + const app = new Koa();
diff --git a/lib/response.js b/lib/response.js
index 2eec2dc26..65aa8ec63 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -261,7 +261,7 @@ module.exports = {
redirect(url, alt) {
// location
if ('back' === url) url = this.ctx.get('Referrer') || alt || '/';
- if (url.startsWith('https://') || url.startsWith('http://')) {
+ if (/^https?:\/\//i.test(url)) {
// formatting url again avoid security escapes
url = new URL(url).toString();
}
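Review bot: The new test pins only the uppercase `HTTP://` scheme with a backslash before `@`; it does not cover `HTTPS://`, which the new case-insensitive guard in `lib/response.js` also matches, nor the protocol-relative form `//google.com\@apple.coM/okoK`, which that guard does not match and whose `Location` value is therefore undocumented by the suite. Adding `ctx.redirect('HTTPS://google.com\\@apple.coM/okoK'); assert.strictEqual(ctx.response.header.location, 'https://google.com/@apple.coM/okoK');` and a matching assertion for the `//` case would make the intended boundary of the normalization explicit rather than implied. The test name reads better as `'should format url before redirect'`. The enclosing `describe('ctx.redirect(url)', ...)` block starts outside this hunk.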
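Review bot: The WHATWG re-serialization is still gated on an `http://`/`https://` prefix, so a protocol-relative target such as `//google.com\@apple.com/` never reaches `new URL()`; if the rest of `redirect` (which continues outside this hunk) writes `url` into `Location` unchanged, the backslash survives and browsers parsing a special-scheme URL treat it as `/`, which is the same host confusion this commit fixes for absolute URLs. One way to close that gap without changing the absolute-URL path is to parse the `//` form against a dummy scheme and re-emit it without the scheme, as sketched below. Separately, note that `new URL()` throws a `TypeError` on malformed input (e.g. an empty or invalid host), and the case-insensitive regex now routes uppercase-scheme inputs into it that previously passed through untouched; surfacing a thrown error is safer than emitting a malformed `Location`, but it is a behavior change callers of `ctx.redirect` with unvalidated input may notice, and is worth a sentence in the changelog. The comment `// formatting url again avoid security escapes` would be clearer as `// re-serialize via WHATWG URL so backslashes, case and other parser quirks cannot change the effective host`.
```javascript
if (/^https?:\/\//i.test(url)) {
  // re-serialize via WHATWG URL so backslashes, case and other parser quirks cannot change the effective host
  url = new URL(url).toString();
} else if (url.startsWith('//')) {
  // protocol-relative: normalize the same way, then drop the dummy scheme again
  const u = new URL(`http:${url}`);
  url = `//${u.host}${u.pathname}${u.search}${u.hash}`;
}
// … unchanged: remainder of redirect() …
```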