From 0a8387ecd20bcac3a3d5ffa4845a3b3c2c76799a Mon Sep 17 00:00:00 2001
From: Zachary Huff <zach.huff.386@gmail.com>
Date: Sun, 29 Jan 2023 18:32:48 -0500
Subject: [PATCH] FIX: Validate asset url before replacing base url (#16438)

Co-authored-by: Joffrey JAFFEUX <j.jaffeux@gmail.com>
---
 .../javascripts/discourse-common/addon/lib/get-url.js     | 2 +-
 .../javascripts/discourse/tests/unit/lib/get-url-test.js  | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/assets/javascripts/discourse-common/addon/lib/get-url.js b/app/assets/javascripts/discourse-common/addon/lib/get-url.js
index ec7d751846e..65157ac6b19 100644
--- a/app/assets/javascripts/discourse-common/addon/lib/get-url.js
+++ b/app/assets/javascripts/discourse-common/addon/lib/get-url.js
@@ -38,7 +38,7 @@ export function getURLWithCDN(url) {
   // only relative urls
   if (cdn && /^\/[^\/]/.test(url)) {
     url = cdn + url;
-  } else if (S3CDN) {
+  } else if (S3CDN && url.startsWith(S3BaseUrl)) {
     url = url.replace(S3BaseUrl, S3CDN);
   }
   return url;
diff --git a/app/assets/javascripts/discourse/tests/unit/lib/get-url-test.js b/app/assets/javascripts/discourse/tests/unit/lib/get-url-test.js
index 25553f9fe17..1ec66aaf1a0 100644
--- a/app/assets/javascripts/discourse/tests/unit/lib/get-url-test.js
+++ b/app/assets/javascripts/discourse/tests/unit/lib/get-url-test.js
@@ -172,4 +172,12 @@ module("Unit | Utility | get-url", function () {
 
     assert.strictEqual(getURLWithCDN(url), expected, "at correct path");
   });
+
+  test("getURLWithCDN when URL includes protocol", function (assert) {
+    setupS3CDN("//awesome.cdn/site", "https://awesome.cdn/site");
+
+    let url = "https://awesome.cdn/site/awesome.png";
+
+    assert.strictEqual(getURLWithCDN(url), url, "at correct path");
+  });
 });