vike 0.4.147-commit-2fa53b2 → 0.4.147-commit-f9a91f3

package/dist/cjs/node/runtime/renderPage/createHttpResponseObject/assertNoInfiniteHttpRedirect.js

@@ -10,7 +10,7 @@ const globalObject = (0, utils_js_1.getGlobalObject)('assertNoInfiniteHttpRedire
     redirectGraph: {}
 });
 function assertNoInfiniteHttpRedirect(urlRedirectTarget, urlLogical) {
-    if (urlRedirectTarget.startsWith('http')) {
+    if ((0, utils_js_1.isUriWithProtocol)(urlRedirectTarget)) {
         // We assume that urlRedirectTarget points to an origin that is external (not the same origin), and we can therefore assume that the app doesn't define an infinite loop (in itself).
         //  - There isn't a reliable way to check whether the redirect points to an external origin or the same origin. For same origins, we assume/hope the user to pass the URL without origin.
         //    ```js

package/dist/cjs/node/runtime/renderPage.js

@@ -39,17 +39,17 @@ async function renderPage(pageContextInit) {
     (0, assertArguments_js_1.assertArguments)(...arguments);
     (0, utils_js_1.assert)((0, utils_js_1.hasProp)(pageContextInit, 'urlOriginal', 'string'));
     (0, utils_js_1.assertEnv)();
-    if (skipRequest(pageContextInit.urlOriginal)) {
-        const pageContextHttpReponseNull = getPageContextHttpResponseNull(pageContextInit);
-        (0, utils_js_1.checkType)(pageContextHttpReponseNull);
-        return pageContextHttpReponseNull;
+    if (isIgnoredUrl(pageContextInit.urlOriginal)) {
+        const pageContextHttpResponseNull = getPageContextHttpResponseNull(pageContextInit);
+        (0, utils_js_1.checkType)(pageContextHttpResponseNull);
+        return pageContextHttpResponseNull;
     }
     const httpRequestId = getRequestId();
-    const urlToShowToUser = pageContextInit.urlOriginal;
-    logHttpRequest(urlToShowToUser, httpRequestId);
+    const { urlOriginal } = pageContextInit;
+    logHttpRequest(urlOriginal, httpRequestId);
     globalObject.pendingRequestsCount++;
     const { pageContextReturn, onRequestDone } = await renderPage_wrapper(httpRequestId, () => renderPageAndPrepare(pageContextInit, httpRequestId));
-    logHttpResponse(urlToShowToUser, httpRequestId, pageContextReturn);
+    logHttpResponse(urlOriginal, httpRequestId, pageContextReturn);
     globalObject.pendingRequestsCount--;
     onRequestDone();
     (0, utils_js_1.checkType)(pageContextReturn);
@@ -60,8 +60,8 @@ async function renderPageAndPrepare(pageContextInit, httpRequestId) {
     // Invalid config
     const handleInvalidConfig = () => {
         (0, loggerRuntime_js_1.logRuntimeInfo)?.(picocolors_1.default.bold(picocolors_1.default.red("Couldn't load configuration: see error above.")), httpRequestId, 'error');
-        const pageContextHttpReponseNull = getPageContextHttpResponseNull(pageContextInit);
-        return pageContextHttpReponseNull;
+        const pageContextHttpResponseNull = getPageContextHttpResponseNull(pageContextInit);
+        return pageContextHttpResponseNull;
     };
     if (isConfigInvalid_js_1.isConfigInvalid) {
         return handleInvalidConfig();
@@ -77,8 +77,8 @@ async function renderPageAndPrepare(pageContextInit, httpRequestId) {
         // initGlobalContext() and getRenderContext() don't call any user hooks => err isn't thrown from user code
         (0, utils_js_1.assert)(!(0, abort_js_1.isAbortError)(err));
         (0, loggerRuntime_js_1.logRuntimeError)(err, httpRequestId);
-        const pageContextHttpReponseNull = getPageContextHttpResponseNullWithError(err, pageContextInit);
-        return pageContextHttpReponseNull;
+        const pageContextHttpResponseNull = getPageContextHttpResponseNullWithError(err, pageContextInit);
+        return pageContextHttpResponseNull;
     }
     if (isConfigInvalid_js_1.isConfigInvalid) {
         return handleInvalidConfig();
@@ -86,15 +86,23 @@ async function renderPageAndPrepare(pageContextInit, httpRequestId) {
     else {
         // From now on, renderContext.pageConfigs contains all the configuration data; getVikeConfig() isn't called anymore for this request
     }
+    // Check Base URL
+    {
+        const pageContextHttpResponse = checkBaseUrl(pageContextInit, httpRequestId);
+        if (pageContextHttpResponse)
+            return pageContextHttpResponse;
+    }
+    // Normalize URL
     {
-        const pageContextHttpReponse = normalizeUrl(pageContextInit, httpRequestId);
-        if (pageContextHttpReponse)
-            return pageContextHttpReponse;
+        const pageContextHttpResponse = normalizeUrl(pageContextInit, httpRequestId);
+        if (pageContextHttpResponse)
+            return pageContextHttpResponse;
     }
+    // Permanent redirects (HTTP status code `301`)
     {
-        const pageContextHttpReponse = getPermanentRedirect(pageContextInit, httpRequestId);
-        if (pageContextHttpReponse)
-            return pageContextHttpReponse;
+        const pageContextHttpResponse = getPermanentRedirect(pageContextInit, httpRequestId);
+        if (pageContextHttpResponse)
+            return pageContextHttpResponse;
     }
     return await renderPageAlreadyPrepared(pageContextInit, httpRequestId, renderContext, []);
 }
@@ -177,8 +185,8 @@ async function renderPageAlreadyPrepared(pageContextInit, httpRequestId, renderC
                 if (!handled.pageContextReturn) {
                     const pageContextAbort = errErrorPage._pageContextAbort;
                     (0, utils_js_1.assertWarning)(false, `Failed to render error page because ${picocolors_1.default.cyan(pageContextAbort._abortCall)} was called: make sure ${picocolors_1.default.cyan(pageContextAbort._abortCaller)} doesn't occur while the error page is being rendered.`, { onlyOnce: false });
-                    const pageContextHttpReponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
-                    return pageContextHttpReponseNull;
+                    const pageContextHttpResponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
+                    return pageContextHttpResponseNull;
                 }
                 // `throw redirect()` / `throw render(url)`
                 return handled.pageContextReturn;
@@ -186,18 +194,28 @@ async function renderPageAlreadyPrepared(pageContextInit, httpRequestId, renderC
             if ((0, isNewError_js_1.isNewError)(errErrorPage, errNominalPage)) {
                 (0, loggerRuntime_js_1.logRuntimeError)(errErrorPage, httpRequestId);
             }
-            const pageContextHttpReponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
-            return pageContextHttpReponseNull;
+            const pageContextHttpResponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
+            return pageContextHttpResponseNull;
         }
         return pageContextErrorPage;
     }
 }
-function logHttpRequest(urlToShowToUser, httpRequestId) {
+function logHttpRequest(urlOriginal, httpRequestId) {
     const clearErrors = globalObject.pendingRequestsCount === 0;
-    (0, loggerRuntime_js_1.logRuntimeInfo)?.(`HTTP request: ${picocolors_1.default.bold(urlToShowToUser)}`, httpRequestId, 'info', clearErrors);
+    (0, loggerRuntime_js_1.logRuntimeInfo)?.(getRequestInfoMessage(urlOriginal), httpRequestId, 'info', clearErrors);
 }
-function logHttpResponse(urlToShowToUser, httpRequestId, pageContextReturn) {
+function getRequestInfoMessage(urlOriginal) {
+    return `HTTP request: ${picocolors_1.default.bold(urlOriginal)}`;
+}
+function logHttpResponse(urlOriginal, httpRequestId, pageContextReturn) {
     const statusCode = pageContextReturn.httpResponse?.statusCode ?? null;
+    {
+        // If URL doesn't include Base URL
+        const { errorWhileRendering } = pageContextReturn;
+        const isSkipped = statusCode === null && (errorWhileRendering === null || errorWhileRendering === undefined);
+        if (isSkipped)
+            return;
+    }
     const isSuccess = statusCode !== null && statusCode >= 200 && statusCode <= 399;
     const isNominal = isSuccess || statusCode === 404;
     const color = (s) => picocolors_1.default.bold(isSuccess ? picocolors_1.default.green(String(s)) : picocolors_1.default.red(String(s)));
@@ -211,39 +229,30 @@ function logHttpResponse(urlToShowToUser, httpRequestId, pageContextReturn) {
             .find((header) => header[0] === 'Location');
         (0, utils_js_1.assert)(headerRedirect);
         const urlRedirect = headerRedirect[1];
-        urlToShowToUser = urlRedirect;
+        urlOriginal = urlRedirect;
     }
-    (0, loggerRuntime_js_1.logRuntimeInfo)?.(`HTTP ${type} ${picocolors_1.default.bold(urlToShowToUser)} ${color(statusCode ?? 'ERR')}`, httpRequestId, isNominal ? 'info' : 'error');
+    (0, loggerRuntime_js_1.logRuntimeInfo)?.(`HTTP ${type} ${picocolors_1.default.bold(urlOriginal)} ${color(statusCode ?? 'ERR')}`, httpRequestId, isNominal ? 'info' : 'error');
 }
 function getPageContextHttpResponseNullWithError(err, pageContextInit) {
-    const pageContextHttpReponseNull = {};
-    (0, utils_js_1.objectAssign)(pageContextHttpReponseNull, pageContextInit);
-    (0, utils_js_1.objectAssign)(pageContextHttpReponseNull, {
+    const pageContextHttpResponseNull = {};
+    (0, utils_js_1.objectAssign)(pageContextHttpResponseNull, pageContextInit);
+    (0, utils_js_1.objectAssign)(pageContextHttpResponseNull, {
         httpResponse: null,
         errorWhileRendering: err
     });
-    return pageContextHttpReponseNull;
+    return pageContextHttpResponseNull;
 }
 function getPageContextHttpResponseNull(pageContextInit) {
-    const pageContextHttpReponseNull = {};
-    (0, utils_js_1.objectAssign)(pageContextHttpReponseNull, pageContextInit);
-    (0, utils_js_1.objectAssign)(pageContextHttpReponseNull, {
+    const pageContextHttpResponseNull = {};
+    (0, utils_js_1.objectAssign)(pageContextHttpResponseNull, pageContextInit);
+    (0, utils_js_1.objectAssign)(pageContextHttpResponseNull, {
         httpResponse: null,
         errorWhileRendering: null
     });
-    return pageContextHttpReponseNull;
+    return pageContextHttpResponseNull;
 }
 async function renderPageNominal(pageContext) {
     (0, utils_js_1.objectAssign)(pageContext, { errorWhileRendering: null });
-    // Check Base URL
-    {
-        const { urlWithoutPageContextRequestSuffix } = (0, handlePageContextRequestUrl_js_1.handlePageContextRequestUrl)(pageContext.urlOriginal);
-        const hasBaseServer = (0, utils_js_1.parseUrl)(urlWithoutPageContextRequestSuffix, pageContext._baseServer).hasBaseServer || !!pageContext._urlRewrite;
-        if (!hasBaseServer) {
-            (0, utils_js_1.objectAssign)(pageContext, { httpResponse: null });
-            return pageContext;
-        }
-    }
     // Route
     {
         const pageContextFromRoute = await (0, index_js_1.route)(pageContext);
@@ -309,7 +318,7 @@ function getRequestId() {
     (0, utils_js_1.assert)(httpRequestId >= 1);
     return httpRequestId;
 }
-function skipRequest(urlOriginal) {
+function isIgnoredUrl(urlOriginal) {
     const isViteClientRequest = urlOriginal.endsWith('/@vite/client') || urlOriginal.startsWith('/@fs/');
     (0, utils_js_1.assertWarning)(!isViteClientRequest, `The vike middleware renderPage() was called with the URL ${urlOriginal} which is unexpected because the HTTP request should have already been handled by Vite's development middleware. Make sure to 1. install Vite's development middleware and 2. add Vite's middleware *before* Vike's middleware, see https://vike.dev/renderPage`, { onlyOnce: true });
     return (urlOriginal.endsWith('/__vite_ping') ||
@@ -406,3 +415,15 @@ async function handleAbortError(errAbort, pageContextsFromRewrite, pageContextIn
     (0, utils_js_1.assert)(pageContextAbort.abortStatusCode);
     return { pageContextAbort };
 }
+function checkBaseUrl(pageContextInit, httpRequestId) {
+    const { baseServer } = (0, globalContext_js_1.getGlobalContext)();
+    const { urlOriginal } = pageContextInit;
+    const { urlWithoutPageContextRequestSuffix } = (0, handlePageContextRequestUrl_js_1.handlePageContextRequestUrl)(urlOriginal);
+    const { hasBaseServer } = (0, utils_js_1.parseUrl)(urlWithoutPageContextRequestSuffix, baseServer);
+    if (!hasBaseServer) {
+        (0, loggerRuntime_js_1.logRuntimeInfo)?.(`${getRequestInfoMessage(urlOriginal)} skipped because URL ${picocolors_1.default.bold(urlOriginal)} doesn't start with Base URL ${picocolors_1.default.bold(baseServer)} (https://vike.dev/base-url)`, httpRequestId, 'info');
+        const pageContextHttpResponseNull = getPageContextHttpResponseNull(pageContextInit);
+        return pageContextHttpResponseNull;
+    }
+    return null;
+}

package/dist/cjs/shared/route/resolveRedirects.js

@@ -5,6 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveRouteStringRedirect = exports.resolveRedirects = void 0;
 const assertIsNotBrowser_js_1 = require("../../utils/assertIsNotBrowser.js");
+const parseUrl_extras_js_1 = require("../../utils/parseUrl-extras.js");
 const utils_js_1 = require("../utils.js");
 const resolveRouteString_js_1 = require("./resolveRouteString.js");
 const picocolors_1 = __importDefault(require("@brillout/picocolors"));
@@ -23,9 +24,9 @@ exports.resolveRedirects = resolveRedirects;
 function resolveRouteStringRedirect(urlSource, urlTarget, urlPathname) {
     (0, resolveRouteString_js_1.assertRouteString)(urlSource, `${configSrc} Invalid`);
     (0, utils_js_1.assertUsage)(urlTarget.startsWith('/') ||
-        urlTarget.startsWith('http://') ||
-        urlTarget.startsWith('https://') ||
-        urlTarget === '*', `${configSrc} Invalid redirection target URL ${picocolors_1.default.cyan(urlTarget)}: the target URL should start with ${picocolors_1.default.cyan('/')}, ${picocolors_1.default.cyan('http://')}, ${picocolors_1.default.cyan('https://')}, or be ${picocolors_1.default.cyan('*')}`);
+        // Is allowing any protocol a safety issue? https://github.com/vikejs/vike/pull/1292#issuecomment-1828043917
+        (0, parseUrl_extras_js_1.isUriWithProtocol)(urlTarget) ||
+        urlTarget === '*', `${configSrc} Invalid redirection target URL ${picocolors_1.default.cyan(urlTarget)}: the target URL should start with ${picocolors_1.default.cyan('/')}, a valid protocol (${picocolors_1.default.cyan('https:')}, ${picocolors_1.default.cyan('http:')}, ${picocolors_1.default.cyan('ipfs:')}, ${picocolors_1.default.cyan('magnet:')}, ...), or be ${picocolors_1.default.cyan('*')}`);
     assertParams(urlSource, urlTarget);
     const match = (0, resolveRouteString_js_1.resolveRouteString)(urlSource, urlPathname);
     if (!match)
@@ -37,10 +38,12 @@ function resolveRouteStringRedirect(urlSource, urlTarget, urlPathname) {
         }
         urlResolved = urlResolved.replaceAll(key, val);
     });
-    (0, utils_js_1.assert)(!urlResolved.includes('@'));
+    if (!urlResolved.startsWith('mailto:')) {
+        (0, utils_js_1.assertUsage)(!urlResolved.includes('@'), 'URL should not contain "@" unless it is a mailto link.');
+    }
     if (urlResolved === urlPathname)
         return null;
-    (0, utils_js_1.assert)(urlTarget.startsWith('/') || urlTarget.startsWith('http'));
+    (0, utils_js_1.assert)(urlResolved.startsWith('/') || (0, parseUrl_extras_js_1.isUriWithProtocol)(urlResolved));
     return urlResolved;
 }
 exports.resolveRouteStringRedirect = resolveRouteStringRedirect;

package/dist/cjs/utils/parseUrl-extras.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.addUrlOrigin = exports.removeUrlOrigin = exports.modifyUrlPathname = exports.removeBaseServer = exports.normalizeUrlPathname = exports.isBaseAssets = exports.prependBase = void 0;
+exports.isUriWithProtocol = exports.addUrlOrigin = exports.removeUrlOrigin = exports.modifyUrlPathname = exports.removeBaseServer = exports.normalizeUrlPathname = exports.isBaseAssets = exports.prependBase = void 0;
 const parseUrl_js_1 = require("./parseUrl.js");
 const assert_js_1 = require("./assert.js");
 const slice_js_1 = require("./slice.js");
@@ -103,3 +103,8 @@ function addUrlOrigin(url, origin) {
     return urlModified;
 }
 exports.addUrlOrigin = addUrlOrigin;
+function isUriWithProtocol(uri) {
+    // https://en.wikipedia.org/wiki/List_of_URI_schemes
+    return /^[a-z0-9][a-z0-9\.\+\-]*:/i.test(uri);
+}
+exports.isUriWithProtocol = isUriWithProtocol;

package/dist/cjs/utils/projectInfo.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PROJECT_VERSION = exports.projectInfo = void 0;
 const assertSingleInstance_js_1 = require("./assertSingleInstance.js");
-const PROJECT_VERSION = '0.4.147-commit-2fa53b2';
+const PROJECT_VERSION = '0.4.147-commit-f9a91f3';
 exports.PROJECT_VERSION = PROJECT_VERSION;
 const projectInfo = {
     projectName: 'Vike',

package/dist/esm/node/runtime/renderPage/createHttpResponseObject/assertNoInfiniteHttpRedirect.js

@@ -1,11 +1,11 @@
 export { assertNoInfiniteHttpRedirect };
-import { assert, assertUsage, getGlobalObject } from '../../utils.js';
+import { assert, assertUsage, getGlobalObject, isUriWithProtocol } from '../../utils.js';
 import pc from '@brillout/picocolors';
 const globalObject = getGlobalObject('assertNoInfiniteHttpRedirect.ts', {
     redirectGraph: {}
 });
 function assertNoInfiniteHttpRedirect(urlRedirectTarget, urlLogical) {
-    if (urlRedirectTarget.startsWith('http')) {
+    if (isUriWithProtocol(urlRedirectTarget)) {
         // We assume that urlRedirectTarget points to an origin that is external (not the same origin), and we can therefore assume that the app doesn't define an infinite loop (in itself).
         //  - There isn't a reliable way to check whether the redirect points to an external origin or the same origin. For same origins, we assume/hope the user to pass the URL without origin.
         //    ```js

package/dist/esm/node/runtime/renderPage.js

@@ -34,17 +34,17 @@ async function renderPage(pageContextInit) {
     assertArguments(...arguments);
     assert(hasProp(pageContextInit, 'urlOriginal', 'string'));
     assertEnv();
-    if (skipRequest(pageContextInit.urlOriginal)) {
-        const pageContextHttpReponseNull = getPageContextHttpResponseNull(pageContextInit);
-        checkType(pageContextHttpReponseNull);
-        return pageContextHttpReponseNull;
+    if (isIgnoredUrl(pageContextInit.urlOriginal)) {
+        const pageContextHttpResponseNull = getPageContextHttpResponseNull(pageContextInit);
+        checkType(pageContextHttpResponseNull);
+        return pageContextHttpResponseNull;
     }
     const httpRequestId = getRequestId();
-    const urlToShowToUser = pageContextInit.urlOriginal;
-    logHttpRequest(urlToShowToUser, httpRequestId);
+    const { urlOriginal } = pageContextInit;
+    logHttpRequest(urlOriginal, httpRequestId);
     globalObject.pendingRequestsCount++;
     const { pageContextReturn, onRequestDone } = await renderPage_wrapper(httpRequestId, () => renderPageAndPrepare(pageContextInit, httpRequestId));
-    logHttpResponse(urlToShowToUser, httpRequestId, pageContextReturn);
+    logHttpResponse(urlOriginal, httpRequestId, pageContextReturn);
     globalObject.pendingRequestsCount--;
     onRequestDone();
     checkType(pageContextReturn);
@@ -54,8 +54,8 @@ async function renderPageAndPrepare(pageContextInit, httpRequestId) {
     // Invalid config
     const handleInvalidConfig = () => {
         logRuntimeInfo?.(pc.bold(pc.red("Couldn't load configuration: see error above.")), httpRequestId, 'error');
-        const pageContextHttpReponseNull = getPageContextHttpResponseNull(pageContextInit);
-        return pageContextHttpReponseNull;
+        const pageContextHttpResponseNull = getPageContextHttpResponseNull(pageContextInit);
+        return pageContextHttpResponseNull;
     };
     if (isConfigInvalid) {
         return handleInvalidConfig();
@@ -71,8 +71,8 @@ async function renderPageAndPrepare(pageContextInit, httpRequestId) {
         // initGlobalContext() and getRenderContext() don't call any user hooks => err isn't thrown from user code
         assert(!isAbortError(err));
         logRuntimeError(err, httpRequestId);
-        const pageContextHttpReponseNull = getPageContextHttpResponseNullWithError(err, pageContextInit);
-        return pageContextHttpReponseNull;
+        const pageContextHttpResponseNull = getPageContextHttpResponseNullWithError(err, pageContextInit);
+        return pageContextHttpResponseNull;
     }
     if (isConfigInvalid) {
         return handleInvalidConfig();
@@ -80,15 +80,23 @@ async function renderPageAndPrepare(pageContextInit, httpRequestId) {
     else {
         // From now on, renderContext.pageConfigs contains all the configuration data; getVikeConfig() isn't called anymore for this request
     }
+    // Check Base URL
+    {
+        const pageContextHttpResponse = checkBaseUrl(pageContextInit, httpRequestId);
+        if (pageContextHttpResponse)
+            return pageContextHttpResponse;
+    }
+    // Normalize URL
     {
-        const pageContextHttpReponse = normalizeUrl(pageContextInit, httpRequestId);
-        if (pageContextHttpReponse)
-            return pageContextHttpReponse;
+        const pageContextHttpResponse = normalizeUrl(pageContextInit, httpRequestId);
+        if (pageContextHttpResponse)
+            return pageContextHttpResponse;
     }
+    // Permanent redirects (HTTP status code `301`)
     {
-        const pageContextHttpReponse = getPermanentRedirect(pageContextInit, httpRequestId);
-        if (pageContextHttpReponse)
-            return pageContextHttpReponse;
+        const pageContextHttpResponse = getPermanentRedirect(pageContextInit, httpRequestId);
+        if (pageContextHttpResponse)
+            return pageContextHttpResponse;
     }
     return await renderPageAlreadyPrepared(pageContextInit, httpRequestId, renderContext, []);
 }
@@ -171,8 +179,8 @@ async function renderPageAlreadyPrepared(pageContextInit, httpRequestId, renderC
                 if (!handled.pageContextReturn) {
                     const pageContextAbort = errErrorPage._pageContextAbort;
                     assertWarning(false, `Failed to render error page because ${pc.cyan(pageContextAbort._abortCall)} was called: make sure ${pc.cyan(pageContextAbort._abortCaller)} doesn't occur while the error page is being rendered.`, { onlyOnce: false });
-                    const pageContextHttpReponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
-                    return pageContextHttpReponseNull;
+                    const pageContextHttpResponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
+                    return pageContextHttpResponseNull;
                 }
                 // `throw redirect()` / `throw render(url)`
                 return handled.pageContextReturn;
@@ -180,18 +188,28 @@ async function renderPageAlreadyPrepared(pageContextInit, httpRequestId, renderC
             if (isNewError(errErrorPage, errNominalPage)) {
                 logRuntimeError(errErrorPage, httpRequestId);
             }
-            const pageContextHttpReponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
-            return pageContextHttpReponseNull;
+            const pageContextHttpResponseNull = getPageContextHttpResponseNullWithError(errNominalPage, pageContextInit);
+            return pageContextHttpResponseNull;
         }
         return pageContextErrorPage;
     }
 }
-function logHttpRequest(urlToShowToUser, httpRequestId) {
+function logHttpRequest(urlOriginal, httpRequestId) {
     const clearErrors = globalObject.pendingRequestsCount === 0;
-    logRuntimeInfo?.(`HTTP request: ${pc.bold(urlToShowToUser)}`, httpRequestId, 'info', clearErrors);
+    logRuntimeInfo?.(getRequestInfoMessage(urlOriginal), httpRequestId, 'info', clearErrors);
 }
-function logHttpResponse(urlToShowToUser, httpRequestId, pageContextReturn) {
+function getRequestInfoMessage(urlOriginal) {
+    return `HTTP request: ${pc.bold(urlOriginal)}`;
+}
+function logHttpResponse(urlOriginal, httpRequestId, pageContextReturn) {
     const statusCode = pageContextReturn.httpResponse?.statusCode ?? null;
+    {
+        // If URL doesn't include Base URL
+        const { errorWhileRendering } = pageContextReturn;
+        const isSkipped = statusCode === null && (errorWhileRendering === null || errorWhileRendering === undefined);
+        if (isSkipped)
+            return;
+    }
     const isSuccess = statusCode !== null && statusCode >= 200 && statusCode <= 399;
     const isNominal = isSuccess || statusCode === 404;
     const color = (s) => pc.bold(isSuccess ? pc.green(String(s)) : pc.red(String(s)));
@@ -205,39 +223,30 @@ function logHttpResponse(urlToShowToUser, httpRequestId, pageContextReturn) {
             .find((header) => header[0] === 'Location');
         assert(headerRedirect);
         const urlRedirect = headerRedirect[1];
-        urlToShowToUser = urlRedirect;
+        urlOriginal = urlRedirect;
     }
-    logRuntimeInfo?.(`HTTP ${type} ${pc.bold(urlToShowToUser)} ${color(statusCode ?? 'ERR')}`, httpRequestId, isNominal ? 'info' : 'error');
+    logRuntimeInfo?.(`HTTP ${type} ${pc.bold(urlOriginal)} ${color(statusCode ?? 'ERR')}`, httpRequestId, isNominal ? 'info' : 'error');
 }
 function getPageContextHttpResponseNullWithError(err, pageContextInit) {
-    const pageContextHttpReponseNull = {};
-    objectAssign(pageContextHttpReponseNull, pageContextInit);
-    objectAssign(pageContextHttpReponseNull, {
+    const pageContextHttpResponseNull = {};
+    objectAssign(pageContextHttpResponseNull, pageContextInit);
+    objectAssign(pageContextHttpResponseNull, {
         httpResponse: null,
         errorWhileRendering: err
     });
-    return pageContextHttpReponseNull;
+    return pageContextHttpResponseNull;
 }
 function getPageContextHttpResponseNull(pageContextInit) {
-    const pageContextHttpReponseNull = {};
-    objectAssign(pageContextHttpReponseNull, pageContextInit);
-    objectAssign(pageContextHttpReponseNull, {
+    const pageContextHttpResponseNull = {};
+    objectAssign(pageContextHttpResponseNull, pageContextInit);
+    objectAssign(pageContextHttpResponseNull, {
         httpResponse: null,
         errorWhileRendering: null
     });
-    return pageContextHttpReponseNull;
+    return pageContextHttpResponseNull;
 }
 async function renderPageNominal(pageContext) {
     objectAssign(pageContext, { errorWhileRendering: null });
-    // Check Base URL
-    {
-        const { urlWithoutPageContextRequestSuffix } = handlePageContextRequestUrl(pageContext.urlOriginal);
-        const hasBaseServer = parseUrl(urlWithoutPageContextRequestSuffix, pageContext._baseServer).hasBaseServer || !!pageContext._urlRewrite;
-        if (!hasBaseServer) {
-            objectAssign(pageContext, { httpResponse: null });
-            return pageContext;
-        }
-    }
     // Route
     {
         const pageContextFromRoute = await route(pageContext);
@@ -303,7 +312,7 @@ function getRequestId() {
     assert(httpRequestId >= 1);
     return httpRequestId;
 }
-function skipRequest(urlOriginal) {
+function isIgnoredUrl(urlOriginal) {
     const isViteClientRequest = urlOriginal.endsWith('/@vite/client') || urlOriginal.startsWith('/@fs/');
     assertWarning(!isViteClientRequest, `The vike middleware renderPage() was called with the URL ${urlOriginal} which is unexpected because the HTTP request should have already been handled by Vite's development middleware. Make sure to 1. install Vite's development middleware and 2. add Vite's middleware *before* Vike's middleware, see https://vike.dev/renderPage`, { onlyOnce: true });
     return (urlOriginal.endsWith('/__vite_ping') ||
@@ -400,3 +409,15 @@ async function handleAbortError(errAbort, pageContextsFromRewrite, pageContextIn
     assert(pageContextAbort.abortStatusCode);
     return { pageContextAbort };
 }
+function checkBaseUrl(pageContextInit, httpRequestId) {
+    const { baseServer } = getGlobalContext();
+    const { urlOriginal } = pageContextInit;
+    const { urlWithoutPageContextRequestSuffix } = handlePageContextRequestUrl(urlOriginal);
+    const { hasBaseServer } = parseUrl(urlWithoutPageContextRequestSuffix, baseServer);
+    if (!hasBaseServer) {
+        logRuntimeInfo?.(`${getRequestInfoMessage(urlOriginal)} skipped because URL ${pc.bold(urlOriginal)} doesn't start with Base URL ${pc.bold(baseServer)} (https://vike.dev/base-url)`, httpRequestId, 'info');
+        const pageContextHttpResponseNull = getPageContextHttpResponseNull(pageContextInit);
+        return pageContextHttpResponseNull;
+    }
+    return null;
+}

package/dist/esm/shared/route/resolveRedirects.js

@@ -2,6 +2,7 @@ export { resolveRedirects };
 // For ./resolveRedirects.spec.ts
 export { resolveRouteStringRedirect };
 import { assertIsNotBrowser } from '../../utils/assertIsNotBrowser.js';
+import { isUriWithProtocol } from '../../utils/parseUrl-extras.js';
 import { assert, assertUsage } from '../utils.js';
 import { assertRouteString, resolveRouteString } from './resolveRouteString.js';
 import pc from '@brillout/picocolors';
@@ -19,9 +20,9 @@ function resolveRedirects(redirects, urlPathname) {
 function resolveRouteStringRedirect(urlSource, urlTarget, urlPathname) {
     assertRouteString(urlSource, `${configSrc} Invalid`);
     assertUsage(urlTarget.startsWith('/') ||
-        urlTarget.startsWith('http://') ||
-        urlTarget.startsWith('https://') ||
-        urlTarget === '*', `${configSrc} Invalid redirection target URL ${pc.cyan(urlTarget)}: the target URL should start with ${pc.cyan('/')}, ${pc.cyan('http://')}, ${pc.cyan('https://')}, or be ${pc.cyan('*')}`);
+        // Is allowing any protocol a safety issue? https://github.com/vikejs/vike/pull/1292#issuecomment-1828043917
+        isUriWithProtocol(urlTarget) ||
+        urlTarget === '*', `${configSrc} Invalid redirection target URL ${pc.cyan(urlTarget)}: the target URL should start with ${pc.cyan('/')}, a valid protocol (${pc.cyan('https:')}, ${pc.cyan('http:')}, ${pc.cyan('ipfs:')}, ${pc.cyan('magnet:')}, ...), or be ${pc.cyan('*')}`);
     assertParams(urlSource, urlTarget);
     const match = resolveRouteString(urlSource, urlPathname);
     if (!match)
@@ -33,10 +34,12 @@ function resolveRouteStringRedirect(urlSource, urlTarget, urlPathname) {
         }
         urlResolved = urlResolved.replaceAll(key, val);
     });
-    assert(!urlResolved.includes('@'));
+    if (!urlResolved.startsWith('mailto:')) {
+        assertUsage(!urlResolved.includes('@'), 'URL should not contain "@" unless it is a mailto link.');
+    }
     if (urlResolved === urlPathname)
         return null;
-    assert(urlTarget.startsWith('/') || urlTarget.startsWith('http'));
+    assert(urlResolved.startsWith('/') || isUriWithProtocol(urlResolved));
     return urlResolved;
 }
 function assertParams(urlSource, urlTarget) {

package/dist/esm/utils/parseUrl-extras.d.ts

@@ -5,6 +5,7 @@ export { removeBaseServer };
 export { modifyUrlPathname };
 export { removeUrlOrigin };
 export { addUrlOrigin };
+export { isUriWithProtocol };
 declare function prependBase(url: string, baseServer: string): string;
 declare function removeBaseServer(url: string, baseServer: string): string;
 declare function isBaseAssets(base: string): boolean;
@@ -15,3 +16,4 @@ declare function removeUrlOrigin(url: string): {
     origin: string | null;
 };
 declare function addUrlOrigin(url: string, origin: string | null): string;
+declare function isUriWithProtocol(uri: string): boolean;

package/dist/esm/utils/parseUrl-extras.js

@@ -5,6 +5,7 @@ export { removeBaseServer };
 export { modifyUrlPathname };
 export { removeUrlOrigin };
 export { addUrlOrigin };
+export { isUriWithProtocol };
 import { assertUrlComponents, createUrlFromComponents, isBaseServer, parseUrl } from './parseUrl.js';
 import { assert } from './assert.js';
 import { slice } from './slice.js';
@@ -100,3 +101,7 @@ function addUrlOrigin(url, origin) {
     const urlModified = createUrlFromComponents(origin, pathnameOriginal, searchOriginal, hashOriginal);
     return urlModified;
 }
+function isUriWithProtocol(uri) {
+    // https://en.wikipedia.org/wiki/List_of_URI_schemes
+    return /^[a-z0-9][a-z0-9\.\+\-]*:/i.test(uri);
+}

package/dist/esm/utils/projectInfo.d.ts

@@ -1,13 +1,13 @@
 export { projectInfo };
 export type { ProjectTag };
 export { PROJECT_VERSION };
-declare const PROJECT_VERSION: "0.4.147-commit-2fa53b2";
+declare const PROJECT_VERSION: "0.4.147-commit-f9a91f3";
 type PackageName = typeof projectInfo.npmPackageName;
 type ProjectVersion = typeof projectInfo.projectVersion;
 type ProjectTag = `[${PackageName}]` | `[${PackageName}@${ProjectVersion}]`;
 declare const projectInfo: {
     projectName: "Vike";
-    projectVersion: "0.4.147-commit-2fa53b2";
+    projectVersion: "0.4.147-commit-f9a91f3";
     npmPackageName: "vike";
     githubRepository: "https://github.com/vikejs/vike";
 };

package/dist/esm/utils/projectInfo.js

@@ -1,7 +1,7 @@
 export { projectInfo };
 export { PROJECT_VERSION };
 import { onProjectInfo } from './assertSingleInstance.js';
-const PROJECT_VERSION = '0.4.147-commit-2fa53b2';
+const PROJECT_VERSION = '0.4.147-commit-f9a91f3';
 const projectInfo = {
     projectName: 'Vike',
     projectVersion: PROJECT_VERSION,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vike",
-  "version": "0.4.147-commit-2fa53b2",
+  "version": "0.4.147-commit-f9a91f3",
   "scripts": {
     "dev": "tsc --watch",
     "build": "rimraf dist/ && pnpm run build:esm && pnpm run build:cjs",