Comments (4)
Hello @benmccann thanks for the report. There is no code in connect
that does any kind of redirection, so it is unclear what your issue is. In fact, following your steps, it properly responds with a 200 with your response, no redirect or Location
response header:
$ git clone https://github.com/benmccann/connect-repro connect-1137
Cloning into 'connect-1137'...
remote: Enumerating objects: 6, done.
remote: Counting objects: 100% (6/6), done.
remote: Compressing objects: 100% (5/5), done.
remote: Total 6 (delta 0), reused 6 (delta 0), pack-reused 0
Receiving objects: 100% (6/6), done.
$ cd connect-1137/
$ npm i
added 12 packages, and audited 13 packages in 938ms
found 0 vulnerabilities
$ node index.js &
[1] 2894
$ curl -i http://localhost:3000//www.google.com/
HTTP/1.1 200 OK
Date: Mon, 21 Mar 2022 16:39:11 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 20
Hello from Connect!
In the future, please respect our security policy.
from connect.
Hmm. This appears to be originating from Chrome. I see "Hello from Connect!" in curl
and Firefox, but am redirected in Chrome. Apologies for the false report
In the future, please respect our security policy.
I'm not sure what you mean by this. I guess you mean I should have emailed you as the policy states? But if so, please publish your email address on your Github profile or somewhere linked to from the security policy so that it's clear how to do so
from connect.
My email is in my GitHub profile. I can see it right under my profile pic. Make sure you are logged in to see emails of users, as I believe GitHub restricts them by default. You can also find emails for any npm module using npm owner ls
, look in package.json
, and many times in the license file. And if all else fails, simply open an issue to ask. Just posting a potentional security issue in the issues is just bad etiquette, especially when you know what the policy is, clearly.
As for Chrome, I do not get any redirect in Chrome, either, with your repro:
from connect.
Perhaps an OS or version issue. I'm definitely seeing a redirect in Chrome 98 for Linux. In any case, it seems unlikely to be an issue in Connect
I'm afraid even logged in I do not see your email address in your profile. You may want to note the npm owner ls
or package.json
tips in the security policy to help people locate your email if needed. Here's a screenshot of what I see
from connect.
Related Issues (20)
- cannot install connect using npm HOT 4
- use regexp to replace 'getProtohost' HOT 2
- finalhandler vulnerability HOT 6
- logo contribution HOT 3
- Settle on `res.locals` as mechanism for sharing config between middleware HOT 8
- Accepts array for middleware HOT 5
- TypeError: Cannot read property 'send' of undefined HOT 1
- Support route patterns HOT 1
- Documentation for "Node.js http request object" HOT 7
- Drop unsupported Node.js version HOT 1
- Not clear comment HOT 1
- whether can we give up nodejs that is less than version 7 ? HOT 5
- whether can we redesign connect code in ecmascript 2015+ syntax? HOT 3
- Error while using express-rate-limit HOT 1
- release HOT 2
- ConnectIkonic
- Content-Type: 'application/fhir+json' HOT 2
- route is not support params HOT 1
- Möchte das installieren
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from connect.