thiagoelg commented on code in PR #3353:
URL:
https://github.com/apache/incubator-kie-tools/pull/3353#discussion_r2575180456
##########
packages/cors-proxy/src/proxy/ExpressCorsProxy.ts:
##########
@@ -140,7 +141,18 @@ export class ExpressCorsProxy implements
CorsProxy<Request, Response> {
}
private resolveRequestInfo(request: Request): ProxyRequestInfo {
+ const origin = request.header("origin");
const targetUrl: string = (request.headers[CorsProxyHeaderKeys.TARGET_URL]
as string) ?? request.url;
+ const parsedTargetUrl = new URL(targetUrl);
Review Comment:
But even after doing `const parsedTargetUrl = new URL(targetUrl.slice(1))`
this is the resulting URL:
```
[0] { targetUrl: '/api.rm2.thpm.p1.openshiftapps.com:6443/version' }
[0] {
[0] parsedTargetUrl: URL {
[0] href: 'api.rm2.thpm.p1.openshiftapps.com:6443/version',
[0] origin: 'null',
[0] protocol: 'api.rm2.thpm.p1.openshiftapps.com:',
[0] username: '',
[0] password: '',
[0] host: '',
[0] hostname: '',
[0] port: '',
[0] pathname: '6443/version',
[0] search: '',
[0] searchParams: URLSearchParams {},
[0] hash: ''
[0] }
[0] }
```
Notice that the hostname is empty (probably because the URL doesn't have the
protocol), and it will make the `allowHosts` check fail.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
