From f8cb8840f31737ef0da17d3f44d3325182c59448 Mon Sep 17 00:00:00 2001 From: Yorrick Bakker Date: Fri, 24 Sep 2021 15:53:31 +0200 Subject: [PATCH] Fix open redirect --- index.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/index.js b/index.js index ec86af8..42aab95 100644 --- a/index.js +++ b/index.js @@ -33,7 +33,9 @@ module.exports = function (options) { function redirect (redirectUrl) { var query = qs.stringify(req.query); - + + if (redirectUrl.includes('//')) return next() + redirectUrl += (query) ? '?' + query : ''; res.writeHead(301, {Location: redirectUrl}); res.end();