Open lesion opened 5 years ago
for reference:
https://expressjs.com/en/api.html#req.originalUrl
This property is much like req.url; however, it retains the original request URL, allowing you to rewrite req.url freely for internal routing purposes. For example, the “mounting” feature of app.use() will rewrite req.url to strip the mount point.
If you're ok with this I would prepare a PR
I'm finding signatures created with http-signature
that include (request-target) will fail later validation by http-signature
because the signer and validator do not construct the same signature string. The proposed fix would solve the issue for me
Here's a workaround:
const tempUrl = req.url
req.url = req.originalUrl
sigHead = httpSignature.parse(req)
req.url = tempUrl
https://github.com/joyent/node-http-signature/blob/523e7c5a3a081e046813f62ab182e294a08eaf0d/lib/parser.js#L266
express.js will overwrite req.url using
app.use
:inside verifySignature the
req
param has the propertyurl
without the/first
part of path so it fails. I'm actually overwriting it to make it works:so the question: shoud we use
originalUrl
param instead?