Skip to content

fix(cloudflare): add baseURL if no operations but source was relative#2162

Open
FKarstein wants to merge 1 commit intonuxt:mainfrom
FKarstein:fix-cloudflare-base-url
Open

fix(cloudflare): add baseURL if no operations but source was relative#2162
FKarstein wants to merge 1 commit intonuxt:mainfrom
FKarstein:fix-cloudflare-base-url

Conversation

@FKarstein
Copy link

@FKarstein FKarstein commented Mar 12, 2026

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

🔗 Linked issue

📚 Description

I've added hasProtocol(src) to decide wether the src url can be returned as is or if it needs the baseURL prepended.

The bug was introduced with this change:
c68e111#diff-1982745bb2a7ce7f4f529e1d43edfb0b98a52d03876e61b5dbaf9fb2ac28dda3

and the currently open PR:
#2126

did not fix the issue for me, because it uses the nuxt.baseURL and not the one configured for the provider.

@FKarstein FKarstein requested a review from danielroe as a code owner March 12, 2026 12:56
@pkg-pr-new
Copy link

pkg-pr-new bot commented Mar 12, 2026

Open in StackBlitz

npm i https://pkg.pr.new/@nuxt/image@2162

commit: 000d181

@coderabbitai
Copy link

coderabbitai bot commented Mar 12, 2026

📝 Walkthrough

Walkthrough

The Cloudflare image provider's fallback URL resolution logic was modified to handle relative paths more explicitly. The import statement now includes hasProtocol from the 'ufo' library. When no image operations are generated, the provider checks whether the source URL already contains a protocol. If it does, the URL is returned as-is; otherwise, it is joined with the baseURL to create an absolute path.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and concisely describes the main fix: adding baseURL handling for relative source URLs in Cloudflare provider when no operations are present.
Description check ✅ Passed The description directly relates to the changeset, explaining the bug fix, the root cause, and why previous approaches were insufficient.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Mar 12, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/runtime/providers/cloudflare.ts`:
- Line 49: The URL assembly incorrectly treats protocol-relative sources as
relative because hasProtocol(src) is used; update the check to hasProtocol(src,
{ acceptRelative: true }) (or refactor the ternary into an if/else) so
protocol-relative URLs (e.g., //cdn.example.com/...) are treated as absolute and
not joined with baseURL; adjust the expression that sets url (which uses
joinURL, baseURL, operations, src) to use this updated hasProtocol call and
preserve the existing logic for operations and normal relative paths.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 08251f8a-a5f9-4907-b3a3-6aaa2c53549e

📥 Commits

Reviewing files that changed from the base of the PR and between af0d0a2 and d18ccec.

📒 Files selected for processing (1)
  • src/runtime/providers/cloudflare.ts

src/runtime/providers/cloudflare.ts

// https://<ZONE>/cdn-cgi/image/<OPTIONS>/<SOURCE-IMAGE>
const url = operations ? joinURL(baseURL, 'cdn-cgi/image', operations, src) : src
const url = operations ? joinURL(baseURL, 'cdn-cgi/image', operations, src) : hasProtocol(src) ? src : joinURL(baseURL, src)
Copy link

@coderabbitai coderabbitai bot Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Does ufo hasProtocol function return true for protocol-relative URLs like //example.com by default?

💡 Result:

No. In unjs/ufo, hasProtocol("//example.com") returns false by default; it only returns true for protocol-relative (scheme-relative) URLs if you pass { acceptRelative: true }. [1]

Handle protocol-relative URLs in the src parameter.

The code doesn't account for protocol-relative URLs (e.g., //cdn.example.com/image.jpg). Since hasProtocol returns false for these by default, they would be incorrectly joined with baseURL, producing malformed results like https://mysite.com//cdn.example.com/image.jpg.

Use hasProtocol(src, { acceptRelative: true }) to properly detect protocol-relative URLs as absolute:

Fix for protocol-relative URL handling 
-    const url = operations ? joinURL(baseURL, 'cdn-cgi/image', operations, src) : hasProtocol(src) ? src : joinURL(baseURL, src)
+    const url = operations ? joinURL(baseURL, 'cdn-cgi/image', operations, src) : hasProtocol(src, { acceptRelative: true }) ? src : joinURL(baseURL, src)

Alternatively, the nested ternary could be rewritten as an if-else block for improved readability.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@src/runtime/providers/cloudflare.ts` at line 49, The URL assembly incorrectly
treats protocol-relative sources as relative because hasProtocol(src) is used;
update the check to hasProtocol(src, { acceptRelative: true }) (or refactor the
ternary into an if/else) so protocol-relative URLs (e.g., //cdn.example.com/...)
are treated as absolute and not joined with baseURL; adjust the expression that
sets url (which uses joinURL, baseURL, operations, src) to use this updated
hasProtocol call and preserve the existing logic for operations and normal
relative paths.

@codecov-commenter
Copy link

codecov-commenter commented Mar 12, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 32.52%. Comparing base (af0d0a2) to head (d18ccec).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2162   +/-   ##
=======================================
  Coverage   32.52%   32.52%           
=======================================
  Files           7        7           
  Lines         372      372           
  Branches      131      131           
=======================================
  Hits          121      121           
  Misses        194      194           
  Partials       57       57

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@danielroe danielroe Awaiting requested review from danielroe danielroe is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@FKarstein @codecov-commenter