search

sveltejs / kit

web development, streamlined
https://kit.svelte.dev
MIT License
18.48k stars 1.89k forks source link

Sveltekit crashes with a double slash path #6747

Closed infusion closed 2 years ago

infusion commented 2 years ago

Describe the bug

Hello,

we had a strange problem occurring in production where svelte-kit crashes when calling the site with https://foo.com//. The problem is, that the JavaScript URL class can't handle a single double slash string, such es

new URL('//', 'http://dummy')

Probably this syntax expects a string after the slashes, as it is the start of a schemaless URL, such as //foo.com/bla.

Surprisingly the crash does not occur on my local Macbook with the project being run using npm run dev. Here a redirect happens, which is also the expected behavior.

Thanks

Reproduction

In the built version of the project, go to the site https://foo.com// with double slashes at the end.

Logs

node:internal/url:553
  throw new ERR_INVALID_URL(input);
  ^

TypeError [ERR_INVALID_URL]: Invalid URL
    at new NodeError (node:internal/errors:372:5)
    at URL.onParseError (node:internal/url:553:9)
    at new URL (node:internal/url:629:5)
    at file:///www/project/node_modules/@sveltejs/kit/dist/chunks/index5.js:101:33
    at next (file:///www/project/node_modules/@sveltejs/kit/dist/chunks/index5.js:218:5)
    at file:///www/project/node_modules/@sveltejs/kit/dist/chunks/index5.js:218:29
    at file:///www/project/node_modules/@sveltejs/kit/dist/chunks/index5.js:34:25
    at next (file:///www/project/node_modules/@sveltejs/kit/dist/chunks/index5.js:218:5)
    at file:///www/project/node_modules/@sveltejs/kit/dist/chunks/index5.js:218:29
    at file:///www/project/node_modules/@sveltejs/kit/dist/chunks/constants.js:642:28 {
  input: '//',
  code: 'ERR_INVALID_URL'
}

System Info

System:
    OS: Linux 4.15 Ubuntu 18.04.6 LTS (Bionic Beaver)
    CPU: (2) x64 Intel(R) Xeon(R) Gold 6140 CPU @ 2.30GHz
    Memory: 6.33 GB / 7.79 GB
    Container: Yes
    Shell: 5.4.2 - /usr/bin/zsh
  Binaries:
    Node: 16.15.1 - /usr/bin/node
    npm: 8.17.0 - /usr/local/bin/npm

Severity

serious, but I can work around it

Additional Information

No response

Conduitry commented 2 years ago

This sounds like #2532, and should have been fixed some time ago. What version of SvelteKit are you on?

infusion commented 2 years ago

Thanks, I searched for the problem on the issues but couldn't find #2532, thanks. Seems the built did not upgrade the kit, it still runs on 1.0.0-next.303.