extract host, not hostname!
`url.host` includes the port, `url.hostname` doesn't. `http://foo.example.com/something` and `http://foo.example.com:1234/something` are different resources served by different hosts, we should not confuse them

note that `(new URL('http://localhost:80')).host` is `localhost` and `(new URL('https://localhost:443')).host` is also `localhost`: the default port gets correctly ignored

this change should not really affect anything in "the real world", as we're all serving over https from port 443, but it may stop some impersonation attacks
parent
4e4a1457
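The difference the commit message describes, shown as an added example (not code from this commit or its project): a trust table keyed by `hostname` accepts a URL on a non-default port of a known name, while one keyed by `host` does not. The function names, the trust table and all URLs are constructed for illustration.

```javascript
// Added example; function names and URLs are constructed, not the project's.
// Uses the WHATWG URL class (global in Node.js and browsers).

// Return the identifier used to decide "which server does this URL belong to?".
function serverKey(rawUrl, field) {
  if (field !== 'host' && field !== 'hostname') {
    throw new TypeError(`unsupported field: ${field}`);
  }
  return new URL(rawUrl)[field];
}

// Hypothetical table of already-trusted servers, keyed by the chosen field.
function buildTrusted(urls, field) {
  return new Set(urls.map((u) => serverKey(u, field)));
}

function isTrusted(trusted, rawUrl, field) {
  return trusted.has(serverKey(rawUrl, field));
}

// Constructed sample data.
const KNOWN = ['https://foo.example.com/actor'];
const CANDIDATES = [
  'https://foo.example.com/inbox',      // same server, default port implied
  'https://foo.example.com:443/inbox',  // same server, default port explicit
  'https://foo.example.com:1234/inbox', // other service on the same name
  'https://bar.example.com/inbox',      // unrelated name
];

// Evaluate every candidate against a table built with the given field.
function classify(field) {
  const trusted = buildTrusted(KNOWN, field);
  return CANDIDATES.map((u) => isTrusted(trusted, u, field));
}

console.log('hostname:', classify('hostname')); // port 1234 is accepted
console.log('host:    ', classify('host'));     // port 1234 is rejected

// A port is dropped only when it is the default for that URL's scheme.
console.log(serverKey('https://localhost:443', 'host')); // localhost
console.log(serverKey('https://localhost:80', 'host'));  // localhost:80
```

`host` carries no scheme, so `http://localhost:80` and `https://localhost:443` still map to the same key, as the commit message notes.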