Fix support for absolute urls in sourceMappingURL
Previously, supportRelativeURL would return an invalid response if both file and url were absolute.
```js
sourceMapSupport.supportRelativeURL(
  'http://127.0.0.1:1336/chunk/chunk.js',
  'http://127.0.0.1:1336/chunk/chunk.js.map'
);
// Returns 'http://127.0.0.1:1336/chunk/http:/127.0.0.1:1336/chunk/chunk.js.map'
```
As a result, retrieveSourceMap would do the wrong thing when used in the browser on source maps with absolute URLs. This adds support.
I added a test but it wasn't clear to me how to update the test environment to support this. Instead, I just exposed the method for testing. I am open to feedback on how this could be improved.
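The failure described in this pull request, reproduced as an added example that is not part of the pull request or of source-map-support's own code. `naiveResolve` is a reduced stand-in for joining a `sourceMappingURL` onto the file's directory, and `resolveSourceMapURL` checks for an absolute URL before joining. All function names here are hypothetical, and the corrected version uses the WHATWG `URL` class, which is an assumption about one way to fix it rather than what the project's patch does.

```javascript
// Added example; names are hypothetical, inputs are the ones quoted in the PR.
const ABSOLUTE_URL = /^[a-z][a-z0-9+.-]*:\/\//i;

// POSIX-style join + normalise, standing in for path.resolve(dir, rel).
function resolvePath(dir, rel) {
  const out = [];
  const joined = rel.startsWith('/') ? rel : dir + '/' + rel;
  for (const seg of joined.split('/')) {
    if (seg === '' || seg === '.') continue; // this is what collapses "http://" to "http:/"
    if (seg === '..') out.pop();
    else out.push(seg);
  }
  return '/' + out.join('/');
}

// "Before": every sourceMappingURL is treated as a path relative to the file.
function naiveResolve(file, url) {
  const dir = file.slice(0, file.lastIndexOf('/'));
  const match = /^\w+:\/\/[^\/]*/.exec(dir);
  const origin = match ? match[0] : '';
  return origin + resolvePath(dir.slice(origin.length), url);
}

// "After": classify the URL first, and only path-join plain filesystem paths.
function resolveSourceMapURL(file, url) {
  if (!file) return url;
  if (/^data:/i.test(url)) return url;                   // inline map, nothing to resolve
  if (ABSOLUTE_URL.test(url)) return new URL(url).href;  // already absolute: use as-is
  if (ABSOLUTE_URL.test(file)) return new URL(url, file).href; // relative to a URL
  return naiveResolve(file, url);                        // relative to a filesystem path
}
```
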
@pfhayes As a dependency of some other major open source projects please consider some easy security improvements to your project!
- Enable Branch Protection: This is critical for preventing unauthorized changes to your code. You can enable it in your repository settings on GitHub. Here's a sample code snippet for a `.yml` file to enforce branch protection:

  ```yaml
  branches:
    - name: master
      protection:
        required_pull_request_reviews:
          required_approving_review_count: 1
        required_status_checks:
          strict: true
          contexts: [ 'ci/test' ]
  ```

- Implement Code Review: This is crucial for catching potential security vulnerabilities before they're merged into your codebase. You can enforce this by setting up a pull request template in your repository. Here's a sample `.github/PULL_REQUEST_TEMPLATE.md` file:

  ```markdown
  ## Proposed Changes
  Please describe the changes in this PR. This could be a bug fix, feature, etc.

  ## Type of Change
  What type of change does your code introduce to this project?
  - [ ] Bugfix
  - [ ] New feature
  - [ ] Enhancement
  - [ ] Other

  ## Reviewer Notes
  Anything else we should know about this PR?
  ```

- Pin Dependencies: This helps to prevent potential security vulnerabilities from dependencies. You can do this by specifying exact versions in your `package.json` file (for JavaScript projects). Here's a sample:

  ```json
  "dependencies": {
    "express": "4.17.1",
    "mongoose": "5.12.3"
  }
  ```

Please replace the branch names, context, and dependencies with those relevant to your project.