fix: handle invalid Referer header in article lookup middleware (#58793)

heiskr · web-flow · commit abf0033fe875 · 2025-12-10T17:46:47.000Z
diff --git a/src/article-api/middleware/article.ts b/src/article-api/middleware/article.ts
@@ -172,11 +172,19 @@ function incrementArticleLookup(
 
   // logs the source of the request, if it's for hovercards it'll have the header X-Request-Source.
   // see src/links/components/LinkPreviewPopover.tsx
-  const source =
-    req.get('X-Request-Source') ||
-    (req.get('Referer')
-      ? `external-${new URL(req.get('Referer') || '').hostname || 'unknown'}`
-      : 'external')
+  let source = req.get('X-Request-Source')
+  if (!source) {
+    const referer = req.get('Referer')
+    if (referer) {
+      try {
+        source = `external-${new URL(referer).hostname || 'unknown'}`
+      } catch {
+        source = 'external'
+      }
+    } else {
+      source = 'external'
+    }
+  }
 
   const tags = [
     // According to https://docs.datadoghq.com/getting_started/tagging/#define-tags
diff --git a/src/article-api/tests/article-body.ts b/src/article-api/tests/article-body.ts
@@ -66,4 +66,13 @@ describe('article body api', () => {
     const { error } = JSON.parse(res.body)
     expect(error).toContain("isn't yet available in markdown")
   })
+
+  test('invalid Referer header does not crash', async () => {
+    const res = await get(makeURL('/en/get-started/start-your-journey/hello-world'), {
+      headers: {
+        Referer: 'invalid-url',
+      },
+    })
+    expect(res.statusCode).toBe(200)
+  })
 })
