The regular expression used in the ApiAuth::Headers#parse_uri method matches all strings that look like hosts in the uri, not only the real host.
For example, https://www.google.com/?redirect_to=https://www.example.com is turned into /?redirect_to= when it should be /?redirect_to=https://www.example.com.
This commit adds a test for that case and fixes it by using Ruby's URI.parse method instead of a custom regexp.
The regular expression used in the
ApiAuth::Headers#parse_urimethod matches all strings that look like hosts in the uri, not only the real host.For example,
https://www.google.com/?redirect_to=https://www.example.comis turned into/?redirect_to=when it should be/?redirect_to=https://www.example.com.This commit adds a test for that case and fixes it by using Ruby's
URI.parsemethod instead of a custom regexp.