Use encodeurl package to escape URLs for axios (#15257)

Co-authored-by: Rijk van Zanten <rijkvanzanten@me.com>
2026-04-25 03:00:53 -04:00 · 2022-08-30 03:05:29 +08:00
parent 5e8137367b
commit 92b54c4d09
4 changed files with 16 additions and 5 deletions
--- a/api/package.json
+++ b/api/package.json
@@ -108,6 +108,7 @@
 		"deep-map": "^2.0.0",
 		"destroy": "^1.2.0",
 		"dotenv": "^10.0.0",
+		"encodeurl": "^1.0.2",
 		"eventemitter2": "^6.4.5",
 		"execa": "^5.1.1",
 		"exifr": "^7.1.3",
@@ -186,6 +187,7 @@
 		"@types/cors": "2.8.12",
 		"@types/deep-diff": "1.0.1",
 		"@types/destroy": "1.0.0",
+		"@types/encodeurl": "^1.0.0",
 		"@types/express": "4.17.13",
 		"@types/express-pino-logger": "4.0.3",
 		"@types/express-serve-static-core": "^4.17.29",
--- a/api/src/operations/request/index.ts
+++ b/api/src/operations/request/index.ts
@@ -1,5 +1,6 @@
 import { defineOperationApi, parseJSON } from '@directus/shared/utils';
 import axios, { Method } from 'axios';
+import encodeUrl from 'encodeurl';

 type Options = {
 	url: string;
@@ -22,9 +23,8 @@ export default defineOperationApi<Options>({
 			customHeaders['Content-Type'] = 'application/json';
 		}

-		const shouldEncode = decodeURI(url) === url;
 		const result = await axios({
-			url: shouldEncode ? encodeURI(url) : url,
+			url: encodeUrl(url),
 			method,
 			data: body,
 			headers: customHeaders,
--- a/api/src/services/files.ts
+++ b/api/src/services/files.ts
@@ -18,6 +18,7 @@ import { toArray } from '@directus/shared/utils';
 import { ItemsService } from './items';
 import net from 'net';
 import os from 'os';
+import encodeURL from 'encodeurl';

 const lookupDNS = promisify(lookup);

@@ -243,8 +244,7 @@ export class FilesService extends ItemsService {
 		let fileResponse: AxiosResponse<NodeJS.ReadableStream>;

 		try {
-			const shouldEncode = decodeURI(importURL) === importURL;
-			fileResponse = await axios.get<NodeJS.ReadableStream>(shouldEncode ? encodeURI(importURL) : importURL, {
+			fileResponse = await axios.get<NodeJS.ReadableStream>(encodeURL(importURL), {
 				responseType: 'stream',
 			});
 		} catch (err: any) {
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -89,6 +89,7 @@ importers:
      '@types/cors': 2.8.12
      '@types/deep-diff': 1.0.1
      '@types/destroy': 1.0.0
+      '@types/encodeurl': ^1.0.0
      '@types/express': 4.17.13
      '@types/express-pino-logger': 4.0.3
      '@types/express-serve-static-core': ^4.17.29
@@ -142,6 +143,7 @@ importers:
      deep-map: ^2.0.0
      destroy: ^1.2.0
      dotenv: ^10.0.0
+      encodeurl: ^1.0.2
      eventemitter2: ^6.4.5
      execa: ^5.1.1
      exifr: ^7.1.3
@@ -246,6 +248,7 @@ importers:
      deep-map: 2.0.0
      destroy: 1.2.0
      dotenv: 10.0.0
+      encodeurl: 1.0.2
      eventemitter2: 6.4.6
      execa: 5.1.1
      exifr: 7.1.3
@@ -321,6 +324,7 @@ importers:
      '@types/cors': 2.8.12
      '@types/deep-diff': 1.0.1
      '@types/destroy': 1.0.0
+      '@types/encodeurl': 1.0.0
      '@types/express': 4.17.13
      '@types/express-pino-logger': 4.0.3
      '@types/express-serve-static-core': 4.17.29
@@ -3908,6 +3912,11 @@ packages:
      '@types/trusted-types': 2.0.2
    dev: true

+  /@types/encodeurl/1.0.0:
+    resolution:
+      { integrity: sha512-iO2Q6xQOJ5DtOB6wJ2KIetFq9JRTbpzcKTe2aS6CCsa+W9KNWX2yXx9KeB5sY/nBfAWN43LkPg6SFB+ldsW9ZA== }
+    dev: true
+
  /@types/estree/0.0.39:
    resolution:
      { integrity: sha512-EYNwp3bU+98cpU4lAWYYL7Zz+2gryWH1qbdDTidVd6hkiR6weksdbMadyXKXNPEkQFhXM+hVO9ZygomHXp+AIw== }
@@ -10575,8 +10584,8 @@ packages:
    engines: { node: '>= 0.6' }
    hasBin: true
    dependencies:
-      JSV: 4.0.2
      chalk: 2.4.2
+      JSV: 4.0.2
      underscore: 1.13.4
    dev: true