Why is path dropped?

Question

Why is path dropped?

ecdeveloper opened this issue 4 years ago · 5 comments

I've been trying to run the script against URLs that look like https://example.com/foo/bar, and it looks like /foo/bar piece is being dropped, so we test only against the root domain - https://example.com. Any reason for doing that?

Answer 1 · 2020-08-19T17:22:33.000Z

hey, test my fork of the tool and see if the problem still persists

Answer 2 · 2020-08-19T18:41:20.000Z

I've actually fixed it locally by adding the parsed path to the url, but I was curious if it's a bug or intended behavior.

Answer 3 · 2020-08-21T04:02:11.000Z

It is intended behavior. Do you guys want me to "fix" it?

Answer 4 · 2020-08-21T06:24:42.000Z

Here's my thinking behind keeping the path. Sometimes various paths may have different CORS rules. More so, sometimes two different paths under the same hostname may point to different backends, so IMO it makes sense to scan all available paths.

Answer 5 · 2021-01-28T11:28:41.000Z

This issue has been fixed now.