fix: ensureSecureProtocol removing '//' inside URL paths

[vmridul]

What this fixes

This PR fixes a bug in ensureSecureProtocol.

Before, when a URL had no protocol, the helper removed the first // anywhere in the string.
That worked for values like //www.google.com, but it could also change // that was part of the path.

Example:

www.google.com/docs//api

Before:
https://www.google.com/docsapi

After:
https://www.google.com/docs//api

What changed

I updated the helper to remove // only when it is at the start of the value.

I also added a test for a URL with // inside the path, because that was the broken case.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• Improvement (non-breaking change which improves a current function)
• New feature (non-breaking change which adds functionality)
• Documentation update (if none of the other choices apply)

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA
• Lint and unit tests pass locally with my changes
• I have added tests that prove my fix is effective or that my feature works (if applicable)
• I have added necessary documentation (if applicable)
• Any dependent changes have been merged and published in downstream modules

Summary by CodeRabbit

• Bug Fixes
  • Improved URL protocol handling to correctly preserve double slashes within URL paths while ensuring HTTPS is prepended when needed.

[coderabbitai]

Walkthrough

Fixed a bug in the ensureSecureProtocol function where it incorrectly removed double slashes appearing within URL paths. The fix restricts double-slash removal to only the beginning of the URL via a regex anchor. Test coverage added to verify the corrected behavior.

Changes

Cohort / File(s)	Summary
ensureSecureProtocol Bug Fix app/lib/methods/helpers/ensureSecureProtocol.ts	Updated regex pattern from /'' to /^\/\// to remove only leading // instead of the first occurrence anywhere in the URL, preventing accidental removal of double slashes within the path.
ensureSecureProtocol Test app/lib/methods/helpers/ensureSecureProtocol.test.ts	Added test case verifying that double slashes within URL paths (e.g., www.google.com/docs//api) are preserved while https:// is prepended when no scheme is present.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

type: bug

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main bug fix: correcting ensureSecureProtocol to avoid removing '//' characters that appear inside URL paths.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

app/lib/methods/helpers/ensureSecureProtocol.test.ts (1)

20-23: Good test coverage for the bug fix!

The test clearly validates that double slashes within the URL path are preserved while https:// is prepended.

💡 Optional: Consider adding a test for the combined scenario

To ensure both the leading // stripping and internal // preservation work together, consider adding:

it('strips leading double slashes while preserving double slashes in the path', () => {
	const linkWithBoth = '//www.google.com/docs//api';
	expect(ensureSecureProtocol(linkWithBoth)).toBe('https://www.google.com/docs//api');
});

This would verify that the fix handles URLs that have both leading // (like the test on line 17) and internal // (like your new test) simultaneously.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@app/lib/methods/helpers/ensureSecureProtocol.test.ts` around lines 20 - 23,
Add a new test to cover the combined scenario where a URL has leading double
slashes and internal double slashes: call ensureSecureProtocol with the string
'//www.google.com/docs//api' and assert it returns
'https://www.google.com/docs//api' so the function both strips the leading '//'
and preserves internal '//' in the path; place this alongside the existing tests
in ensureSecureProtocol.test.ts and reference the ensureSecureProtocol function.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@app/lib/methods/helpers/ensureSecureProtocol.test.ts`:
- Around line 20-23: Add a new test to cover the combined scenario where a URL
has leading double slashes and internal double slashes: call
ensureSecureProtocol with the string '//www.google.com/docs//api' and assert it
returns 'https://www.google.com/docs//api' so the function both strips the
leading '//' and preserves internal '//' in the path; place this alongside the
existing tests in ensureSecureProtocol.test.ts and reference the
ensureSecureProtocol function.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 78f60f74-4ee8-4808-97d0-b24cbeea5123

📥 Commits

Reviewing files that changed from the base of the PR and between fef83b0 and a319582.

📒 Files selected for processing (2)

• app/lib/methods/helpers/ensureSecureProtocol.test.ts
• app/lib/methods/helpers/ensureSecureProtocol.ts

📜 Review details

🔇 Additional comments (1)

app/lib/methods/helpers/ensureSecureProtocol.ts (1)

6-6: LGTM! The fix correctly addresses the bug.

The regex anchor ^ ensures that only leading // is stripped, preserving any // occurrences within the URL path. This is the correct minimal fix for the reported issue.