Skip to content
Snippets Groups Projects
Commit 028652e7 authored by dakkar's avatar dakkar
Browse files

extract host, not hostname!

`url.host` includes the port, `url.hostname` doesn't.

`http://foo.example.com/something` and
`http://foo.example.com:1234/something` are different resources served
by different hosts, we should not confuse them

note that `(new URL('http://localhost:80')).host` is `localhost` and
`(new URL('https://localhost:443')).host` is also `localhost`: the
default port gets correctly ignored

this change should not really affect anything in "the real world", as
we're all serving over https from port 443, but it may stop some
impersonation attacks
parent 4e4a1457
No related branches found
No related tags found
Loading
Pipeline #453 passed with stage
in 1 minute and 55 seconds