extract host, not hostname!
`url.host` includes the port, `url.hostname` doesn't. `http://foo.example.com/something` and `http://foo.example.com:1234/something` are different resources served by different hosts, we should not confuse them note that `(new URL('http://localhost:80')).host` is `localhost` and `(new URL('https://localhost:443')).host` is also `localhost`: the default port gets correctly ignored this change should not really affect anything in "the real world", as we're all serving over https from port 443, but it may stop some impersonation attacks
Loading
Please register or sign in to comment