Closed lucianosantana closed 3 years ago
dougwilson
commented
3 years ago This module already respects the value in req.originalUrl when calculating the redirect. You would set that value in middleware before this one that uses the appropriate headers set by your proxy.
Accepting this PR would end up as a security vulnerability of the type open redirect, unfortunately.
dougwilson
commented
3 years ago If your environment works as you set up this PR, here is a middleware for your specific environment:
app.use((req, res, next) => {
req.originalUrl = (this.req.headers['x-forwarded-prefix'] || '') + req.url
next()
})
lucianosantana
commented
3 years ago Makes sense. Thanks for the feedback @dougwilson
If express is behind a proxy that strips the path prefix before forwarding the request, the current redirection will lead to errors. In order to fix that, it should consider and prepend the prefix if it exists.
As an example, here is a related issue.
Also, just for reference on the "X-Forwarded-Prefix" header, I'll share some links: