Fix URL sanitiation and rewriting-related functions removing query strings and hashes.

src/middleware/redirectTrailingSlashes.js

@@ -1,5 +1,4 @@
 const fs = require("fs");
-const url = require("url");
 
 module.exports = (req, res, logFacilities, config, next) => {
   // Trailing slash redirection
@@ -21,17 +20,7 @@ module.exports = (req, res, logFacilities, config, next) => {
               res.error(500, err);
             }
           } else {
-            var destinationURL = new url.Url();
+            res.redirect(req.originalParsedURL.pathname + "/" + req.parsedURL.search + req.parsedURL.hash);
-            destinationURL.path = null;
-            destinationURL.href = null;
-            destinationURL.pathname = req.originalParsedURL.pathname + "/";
-            destinationURL.hostname = null;
-            destinationURL.host = null;
-            destinationURL.port = null;
-            destinationURL.protocol = null;
-            destinationURL.slashes = null;
-            destinationURL = url.format(destinationURL);
-            res.redirect(destinationURL);
           }
         },
       );

src/middleware/rewriteURL.js

@@ -1,5 +1,4 @@
 const fs = require("fs");
-const url = require("url");
 const createRegex = require("../utils/createRegex.js");
 const ipMatch = require("../utils/ipMatch.js");
 const sanitizeURL = require("../utils/urlSanitizer.js");
@@ -126,16 +125,7 @@ module.exports = (req, res, logFacilities, config, next) => {
         logFacilities.errmessage("Content blocked.");
         return;
       } else if (sHref != req.parsedURL.pathname) {
-        var rewrittenAgainURL = new url.Url();
+        var rewrittenAgainURL = sHref + req.parsedURL.search + req.parsedURL.hash;
-        rewrittenAgainURL.path = null;
-        rewrittenAgainURL.href = null;
-        rewrittenAgainURL.pathname = sHref;
-        rewrittenAgainURL.hostname = null;
-        rewrittenAgainURL.host = null;
-        rewrittenAgainURL.port = null;
-        rewrittenAgainURL.protocol = null;
-        rewrittenAgainURL.slashes = null;
-        rewrittenAgainURL = url.format(rewrittenAgainURL);
         logFacilities.resmessage(
           "URL sanitized: " + req.url + " => " + rewrittenAgainURL,
         );

src/middleware/urlSanitizer.js

@@ -1,5 +1,4 @@
 const sanitizeURL = require("../utils/urlSanitizer.js");
-const url = require("url");
 
 module.exports = (req, res, logFacilities, config, next) => {
   // Sanitize URL
@@ -12,16 +11,7 @@ module.exports = (req, res, logFacilities, config, next) => {
 
   // Check if URL is "dirty"
   if (req.parsedURL.pathname != sanitizedHref && !req.isProxy) {
-    let sanitizedURL = new url.Url();
+    let sanitizedURL = sanitizedHref + req.parsedURL.search + req.parsedURL.hash;
-    sanitizedURL.path = null;
-    sanitizedURL.href = null;
-    sanitizedURL.pathname = sanitizedHref;
-    sanitizedURL.hostname = null;
-    sanitizedURL.host = null;
-    sanitizedURL.port = null;
-    sanitizedURL.protocol = null;
-    sanitizedURL.slashes = null;
-    sanitizedURL = url.format(sanitizedURL);
     logFacilities.resmessage(
       "URL sanitized: " + req.url + " => " + sanitizedURL,
     );

src/middleware/webRootPostfixes.js

@@ -113,16 +113,7 @@ module.exports = (req, res, logFacilities, config, next) => {
         logFacilities.errmessage("Content blocked.");
         return;
       } else if (sHref != req.parsedURL.pathname) {
-        var rewrittenAgainURL = new url.Url();
+        let rewrittenAgainURL = sHref + req.parsedURL.search + req.parsedURL.hash;
-        rewrittenAgainURL.path = null;
-        rewrittenAgainURL.href = null;
-        rewrittenAgainURL.pathname = sHref;
-        rewrittenAgainURL.hostname = null;
-        rewrittenAgainURL.host = null;
-        rewrittenAgainURL.port = null;
-        rewrittenAgainURL.protocol = null;
-        rewrittenAgainURL.slashes = null;
-        rewrittenAgainURL = url.format(rewrittenAgainURL);
         logFacilities.resmessage(
           "URL sanitized: " + req.url + " => " + rewrittenAgainURL,
         );