From 9f562e27879dfe6e4e959887386cb2b008d71203 Mon Sep 17 00:00:00 2001
From: bulk88 <bulk88@hotmail.com>
Date: Tue, 5 Oct 2021 10:09:46 -0400
Subject: [PATCH] add workaround to URL parser for Cloudflare Reverse Proxy bug

---
 lib/cors-anywhere.js | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index eb4f47c5..e5e36d66 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -225,6 +225,21 @@ function onProxyResponse(proxy, proxyReq, proxyRes, req, res) {
  * @return {object} URL parsed using url.parse
  */
 function parseURL(req_url) {
+  //Cloudflare reverse proxy has a bug of collapsing multiple /s to one
+  // https://community.cloudflare.com/t/worker-url-obj-parses-double-backslash-diff-from-chrome/210046
+  // https://community.cloudflare.com/t/bug-inconsistent-url-behaviour/98044
+  // https://community.cloudflare.com/t/worker-fetch-mangles-location-header-url-on-redirect-from-origin/311984
+  //so just make https://fooapp.herokuapp.com/http:/example.com/index.html
+  //parse correctly
+
+  //handling a corrupted good URL such as
+  //https://fooapp.herokuapp.com///example.com/index.html
+  //which corrupts to
+  //https://fooapp.herokuapp.com//example.com/index.html is skipped
+  //since its a much more rare URL format and unknown if it was really
+  //a corrupt protocol relative or a true server relative
+  //(unsupported, this is a proxy, we don't have endpoints or content)
+  req_url = req_url.replace(/^http(s?):\/(?!\/)/, 'http$1://');
   var match = req_url.match(/^(?:(https?:)?\/\/)?(([^\/?]+?)(?::(\d{0,5})(?=[\/?]|$))?)([\/?][\S\s]*|$)/i);
   //                              ^^^^^^^          ^^^^^^^^      ^^^^^^^                ^^^^^^^^^^^^
   //                            1:protocol       3:hostname     4:port                 5:path + query string