-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
url: drop auth in url.resolve()
if host changes
#1480
Conversation
I don't think it should copy over. However, to change that would be > var parsed = url.parse('mailto:user@example.org');
undefined
> parsed.host = 'example.com';
'example.com'
> url.format(parsed);
'mailto:user@example.com' |
perhaps @domenic would be interested in reviewing? |
What do browsers do? What does the spec (perhaps best tested via https://github.com/jsdom/whatwg-url) do? |
I agree with @domenic. Our url module should align with the spec. |
Looks like this was never resolved. There's really no question that the user id and password should not be getting copied over.. |
@nodejs/http |
I concur with @jasnell and this PR |
@nodejs/ctc ... amazingly, this PR was opened a year ago and still applies cleanly (albeit using a three way merge). It even passes linting! The change LGTM. marked it semver-major because it changes the behavior of url.resolve to drop the auth but it could also be classified as a bug fix. PTAL |
CI is green! |
@mscdex @cjihrig @trevnorris ... can one of you give this a quick glance over? |
'http://diff:auth@www.example.com/'] | ||
'http://diff:auth@www.example.com/'], | ||
|
||
// https://github.com/iojs/io.js/issues/1435 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be changed to point to the nodejs/node
repo
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, I was going to change that upon landing (although, I kinda like that it still points to iojs, lol)
LGTM |
It only took 1 year and 5 days but this landed in eb4201f ;-) |
#1435
Not sure how to handle this though.