fix(Headers): don't forward secure headers to 3th party #1449
Should this use the public suffix list instead? https://publicsuffix.org/
I don't think that would be necessary.
What do you think about adding the `.` to the `endsWith` call? I think that this is much easier to read ☺️
if you are making a request to `fridas-blog.uk.com` and it redirects to `uk.com` then `uk.com` should not know about the cookie... cuz the cookie can be tied to `fridas-blog.uk.com`

`a` = referer (original request) `fridas-blog.uk.com`
`b` = destination (Location) `uk.com`

`a.endsWith('.${b}') === true`

`b` is not the same host or a subdomain of `a`

...so i guess it can't work...
if you are only after something that is shorter and does the same thing:
I still don't understand how the two checks are different? As far as I can tell, unless I'm missing something, the two functions below behave the exact same way?
The case you are mentioning seems to be handled wrong in the committed code then?
(extra ping @jimmywarting since this is already merged)
hmm, double checked again and you are right... they are equally the same, but there is no mistake in the merged code...
I was blinded by the order of arguments passed down to `isDomainOrSubdomain` and mixing up what gets passed down to the function and in which order. i was just so blinded by how Go and follow-redirects also did it using the dot index.
But at least there is no rush to change it now... can change it later
a & b was a stupid variable name...
Nice 👍
Submitted PR to make the code easier to understand here: #1455
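
The two forms of the check compared in this thread, as an added example that is not the code from the PR or from the project. The helper names, the sensitive-header list and the host pairs are assumptions constructed for illustration; the direction of the check (the destination must be the original host or one of its subdomains) follows the `uk.com` example given above and says nothing about the merged code.

```javascript
// Added example: hypothetical helper names, not the code merged in the PR.
// Variant 1: the "dot index" form mentioned in the thread.
function isSameOrSubdomainDotIndex(host, parent) {
  return host === parent ||
    (host[host.length - parent.length - 1] === '.' && host.endsWith(parent));
}

// Variant 2: the dot moved into the endsWith call.
function isSameOrSubdomain(host, parent) {
  return host === parent || host.endsWith(`.${parent}`);
}

// Constructed host pairs, including look-alike suffixes and a longer parent.
const PAIRS = [
  ['uk.com', 'uk.com'], ['fridas-blog.uk.com', 'uk.com'],
  ['uk.com', 'fridas-blog.uk.com'], ['evil-uk.com', 'uk.com'],
  ['a.b.example.org', 'example.org'], ['example.org', 'xample.org'],
];
function variantsAgree() {
  return PAIRS.every(([h, p]) =>
    isSameOrSubdomainDotIndex(h, p) === isSameOrSubdomain(h, p));
}

// Assumed list of credential-bearing headers for this illustration.
const SENSITIVE = new Set(['authorization', 'cookie']);

// Policy as described in the thread: the redirect target keeps sensitive
// headers only when it is the original host or one of its subdomains.
function headersForRedirect(originalUrl, location, headers) {
  const orig = new URL(originalUrl).hostname;
  const dest = new URL(location, originalUrl).hostname; // resolves a relative Location
  if (isSameOrSubdomain(dest, orig)) return { ...headers };
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => !SENSITIVE.has(name.toLowerCase())));
}

const sent = { Cookie: 'sid=constructed', Accept: '*/*' }; // constructed sample
console.log(variantsAgree());
console.log(headersForRedirect('https://fridas-blog.uk.com/post', 'https://uk.com/', sent));
console.log(headersForRedirect('https://fridas-blog.uk.com/post', '/next', sent));
// Swapping the arguments flips the answer, which is the mix-up discussed above.
console.log(isSameOrSubdomain('uk.com', 'fridas-blog.uk.com'),
            isSameOrSubdomain('fridas-blog.uk.com', 'uk.com'));
```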