Normalize URL handling #796
Conversation
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
| }), | ||
| body: req.payload, | ||
| url: req.url.toString(), | ||
| url: req.raw?.req ? getRequestUrl(req.raw?.req) : partialUrl, |
There was a problem hiding this comment.
Changed computation of exported Context.url (now may return a different absolute form), which can break clients expecting the previous req.url.toString() value.
Details
✨ AI Reasoning
1) The code constructs a Context object from an incoming Hapi Request; the PR changes how the url field is computed (now using getRequestUrl(req.raw?.req) when available) and adds a new urlPath field.
2) This alters the semantic value of the exported context.url property (previously always req.url.toString()), which can change downstream behavior for any consumers relying on the old absolute/relative form.
3) Adding urlPath is additive and safe, but changing the existing url value is a breaking contract for clients that expect the previous format.
🔧 How do I fix it?
Support both old and new parameter names during transition periods. Add new optional parameters with defaults. Keep existing response fields while adding new ones. Focus on backwards compatibility.
More info - Comment @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
We always want to use the full absolute URL including the host and different formats depending on the framework.
We also want to respect proxy headers if the proxy is trusted.
We also need to add the path to the context!! ✅