search

julianlam / nodebb-plugin-session-sharing

Allows login sessions from your app to persist in NodeBB
MIT License
88 stars 65 forks source link

Redirection loop on reload when utf-8 characters in url #90

Closed anglov closed 3 years ago

anglov commented 3 years ago

nodebb version: 1.15.5 plugin version: 4.6.10 Revalidate option is enabled in plugin config.

When url having utf-8 characters – for example category name is „Zażółć gęslą jaźń” and just reload page, redirection loop will be encoutered.

In this example:

GET | http://localhost:4567/category/5/za%C5%BC%C3%B3%C5%82%C4%87-g%C4%99%C5%9Bl%C4%85-ja%C5%BA%C5%84
302 Found -> Location | /category/5/za%25C5%25BC%25C3%25B3%25C5%2582%25C4%2587-g%25C4%2599%25C5%259Bl%25C4%2585-ja%25C5%25BA%25C5%2584

GET | http://localhost:4567/category/5/za%25C5%25BC%25C3%25B3%25C5%2582%25C4%2587-g%25C4%2599%25C5%259Bl%25C4%2585-ja%25C5%25BA%25C5%2584
308 Permanent Redirect -> Location | /category/5/za%C5%BC%C3%B3%C5%82%C4%87-g%C4%99%C5%9Bl%C4%85-ja%C5%BA%C5%84

GET | http://localhost:4567/category/5/za%C5%BC%C3%B3%C5%82%C4%87-g%C4%99%C5%9Bl%C4%85-ja%C5%BA%C5%84
302 Found -> Location | /category/5/za%25C5%25BC%25C3%25B3%25C5%2582%25C4%2587-g%25C4%2599%25C5%259Bl%25C4%2585-ja%25C5%25BA%25C5%2584

and so on.

I found that https://github.com/julianlam/nodebb-plugin-session-sharing/blob/master/library.js#L487 removing encodeURI call fixes this problem, but not sure if it's a valid solution.

julianlam commented 3 years ago

I have looked in the history and I do not know why the returnTo url is wrapped in encodeURI, I will do some investigation and remove if necessary.

julianlam commented 3 years ago

Seems returnTo is used as-is throughout NodeBB, so it should be safe to remove it.