Fix parsing of weird req.originalUrl values

dougwilson · dougwilson · commit 0b0f00b5702a · 2014-08-09T23:42:10.000-04:00
closes #13
diff --git a/History.md b/History.md
@@ -1,3 +1,9 @@
+unreleased
+==========
+
+  * Fix parsing of weird `req.originalUrl` values
+  * deps: parseurl@~1.3.0
+
 1.5.0 / 2014-08-05
 ==================
 
diff --git a/index.js b/index.js
@@ -50,7 +50,7 @@ exports = module.exports = function(root, options){
   return function staticMiddleware(req, res, next) {
     if ('GET' != req.method && 'HEAD' != req.method) return next();
     var opts = extend({}, options);
-    var originalUrl = url.parse(req.originalUrl || req.url);
+    var originalUrl = parseurl.original(req);
     var path = parseurl(req).pathname;
 
     if (path === '/' && originalUrl.pathname[originalUrl.pathname.length - 1] !== '/') {
diff --git a/package.json b/package.json
@@ -7,7 +7,7 @@
   "repository": "expressjs/serve-static",
   "dependencies": {
     "escape-html": "1.0.1",
-    "parseurl": "~1.2.0",
+    "parseurl": "~1.3.0",
     "send": "0.8.1"
   },
   "devDependencies": {
diff --git a/test/test.js b/test/test.js
@@ -471,7 +471,7 @@ describe('serveStatic()', function(){
     before(function () {
       server = createServer(fixtures, null, function (req) {
         req.originalUrl = req.url;
-        req.url = '/' + req.url.split('/').slice(2).join('/');
+        req.url = '/' + req.url.split('/').slice(3).join('/');
       });
     });
 
@@ -481,6 +481,13 @@ describe('serveStatic()', function(){
       .expect('Location', '/static/users/')
       .expect(303, done);
     });
+
+    it('should not choke on auth-looking URL', function(done){
+      request(server)
+      .get('//todo@txt')
+      .expect('Location', '//todo@txt/')
+      .expect(303, done);
+    });
   });
 
   describe('when responding non-2xx or 304', function(){
