From 29af1d6fcc1afb3f033baa043d63f8ec092278d6 Mon Sep 17 00:00:00 2001 From: Thibault Meunier Date: Thu, 18 Sep 2025 18:00:17 +0200 Subject: [PATCH] Fix Typescript implementation as path has to be normalised per RFC 9421 section 2.2.6 --- packages/http-message-sig/src/build.ts | 8 ++++++-- packages/http-message-sig/test/build.spec.ts | 4 ++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/packages/http-message-sig/src/build.ts b/packages/http-message-sig/src/build.ts index 1e26730..9656e87 100644 --- a/packages/http-message-sig/src/build.ts +++ b/packages/http-message-sig/src/build.ts @@ -26,11 +26,15 @@ export function getUrl( const host = extractHeader(message, "host"); const protocol = message.protocol || "http"; const baseUrl = `${protocol}://${host}`; - return new URL(message.url, baseUrl); + const url = new URL(message.url, baseUrl); + url.pathname = decodeURIComponent(url.pathname); + return new URL(url.href); } if (!(message as RequestLike).url) throw new Error(`${component} is only valid for requests`); - return new URL((message as RequestLike).url); + const url = new URL((message as RequestLike).url); + url.pathname = decodeURIComponent(url.pathname); + return new URL(url.href); } // see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-06#section-2.3 diff --git a/packages/http-message-sig/test/build.spec.ts b/packages/http-message-sig/test/build.spec.ts index dfdd6f9..7df3f18 100644 --- a/packages/http-message-sig/test/build.spec.ts +++ b/packages/http-message-sig/test/build.spec.ts @@ -110,11 +110,11 @@ describe("build", () => { const result = extractComponent( { method: "POST", - url: "https://www.example.com/path?param=value", + url: "https://www.example.com/%7epath?param=value", } as unknown as RequestLike, "@path" ); - expect(result).to.equal("/path"); + expect(result).to.equal("/~path"); }); it("correctly extracts the @query", () => {