Update redirect query encoding

vercel · Oct 22, 2020 · 93362bc · 93362bc
1 parent ac8a0c4
commit 93362bc
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 11 deletions.
diff --git a/packages/next/next-server/server/next-server.ts b/packages/next/next-server/server/next-server.ts
@@ -730,9 +730,7 @@ export default class Server {
           const { query } = parsedDestination
           delete (parsedDestination as any).query
 
-          parsedDestination.search = stringifyQs(query, undefined, undefined, {
-            encodeURIComponent: (str: string) => str,
-          } as any)
+          parsedDestination.search = stringifyQs(query)
 
           const updatedDestination = formatUrl(parsedDestination)
 
@@ -774,12 +772,7 @@ export default class Server {
           if (parsedDestination.protocol) {
             const { query } = parsedDestination
             delete (parsedDestination as any).query
-            parsedDestination.search = stringifyQs(
-              query,
-              undefined,
-              undefined,
-              { encodeURIComponent: (str) => str }
-            )
+            parsedDestination.search = stringifyQs(query)
 
             const target = formatUrl(parsedDestination)
             const proxy = new Proxy({

diff --git a/test/integration/production/test/security.js b/test/integration/production/test/security.js
@@ -193,7 +193,7 @@ module.exports = (context) => {
       )
       expect(res.status).toBe(307)
       expect(pathname).toBe(encodeURI('/\\google.com/about'))
-      expect(hostname).not.toBe('google.com')
+      expect(hostname).toBe('localhost')
     })
 
     it('should handle encoded value in the pathname correctly %', async () => {
@@ -211,7 +211,28 @@ module.exports = (context) => {
       )
       expect(res.status).toBe(307)
       expect(pathname).toBe('/%25google.com/about')
-      expect(hostname).not.toBe('google.com')
+      expect(hostname).toBe('localhost')
+    })
+
+    it('should handle encoded value in the query correctly', async () => {
+      const res = await fetchViaHTTP(
+        context.appPort,
+        '/trailing-redirect/?url=https%3A%2F%2Fgoogle.com%2Fimage%3Fcrop%3Dfocalpoint%26w%3D24&w=1200&q=100',
+        undefined,
+        {
+          redirect: 'manual',
+        }
+      )
+
+      const { pathname, hostname, query } = url.parse(
+        res.headers.get('location') || ''
+      )
+      expect(res.status).toBe(308)
+      expect(pathname).toBe('/trailing-redirect')
+      expect(hostname).toBe('localhost')
+      expect(query).toBe(
+        'url=https%3A%2F%2Fgoogle.com%2Fimage%3Fcrop%3Dfocalpoint%26w%3D24&w=1200&q=100'
+      )
     })
   })
 }