mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-14 18:42:33 +03:00
Code Activity

fix(sec): CVE-2024-39338 (#6539) (#6543)

Browse Source 
* fix(sec): cve-2024-39338 (#6539)

* fix(sec): fix test
This commit is contained in:
Lev Pachmanov
2024-08-13 21:43:05 +03:00
committed by GitHub
parent 07a661a2a6
commit 6b6b605eaf
4 changed files with 47 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/adapters/http.js
+1 -1
View File
@@ -229,7 +229,7 @@ export default isHttpAdapterSupported && function httpAdapter(config) {
// Parse url
const fullPath = buildFullPath(config.baseURL, config.url);
const parsed = new URL(fullPath, 'http://localhost');
const parsed = new URL(fullPath, utils.hasBrowserEnv ? platform.origin : undefined);
const protocol = parsed.protocol || supportedProtocols[0];
if (protocol === 'data:') {
lib/helpers/isAbsoluteURL.js
+2 -2
View File
@@ -8,8 +8,8 @@
* @returns {boolean} True if the specified URL is absolute, otherwise false
*/
export default function isAbsoluteURL(url) {
// A URL is considered absolute if it begins with "<scheme>://".
// A URL is considered absolute if it begins with "<scheme>://" or "//" (protocol-relative URL).
// RFC 3986 defines scheme name as a sequence of characters beginning with a letter and followed
// by any combination of letters, digits, plus, period, or hyphen.
return /^([a-z][a-z\d+\-.]*:)\/\//i.test(url);
return /^([a-z][a-z\d+\-.]*:)?\/\//i.test(url);
}