From c472bb1fdca56b00d140e2dd99d11bf8b4cccf04 Mon Sep 17 00:00:00 2001
From: "Torsten Schulz (local)" <tsschulz@gmx.net>
Date: Tue, 10 Mar 2026 22:37:30 +0100
Subject: [PATCH] fix(clickTtHttpPageRoutes, clickTtHttpPageService): update
 effective page URL handling in proxy routes

- Introduced a new variable, effectivePageUrl, to ensure the correct URL is used for rewriting links and form actions in both GET and POST proxy requests.
- Updated the logic to derive the page origin from effectivePageUrl, enhancing the accuracy of base tag handling for relative URLs.
- Enhanced logging in the fetchWithLogging function to include the response URL, improving traceability in HTTP requests.
---
 backend/routes/clickTtHttpPageRoutes.js    | 18 ++++++++++--------
 backend/services/clickTtHttpPageService.js |  1 +
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/backend/routes/clickTtHttpPageRoutes.js b/backend/routes/clickTtHttpPageRoutes.js
index 0c4c9f48..2f2c3acc 100644
--- a/backend/routes/clickTtHttpPageRoutes.js
+++ b/backend/routes/clickTtHttpPageRoutes.js
@@ -212,6 +212,7 @@ router.get('/proxy', async (req, res, next) => {
       userId: null,
       headers: Object.keys(cookies).length > 0 ? { Cookie: formatCookies(cookies) } : {},
     });
+    const effectivePageUrl = result.responseUrl || targetUrl;
 
     const responseHeaders = result.headers;
     if (responseHeaders) {
@@ -233,7 +234,7 @@ router.get('/proxy', async (req, res, next) => {
       .replace(/<meta[^>]*http-equiv=["']x-content-type-options["'][^>]*>/gi, '');
 
     // Base-Tag: Relative URLs (z.B. Formular-Actions beim Login) müssen zur Original-Domain auflösen
-    const pageOrigin = (() => { try { return new URL(targetUrl).origin + '/'; } catch { return null; } })();
+    const pageOrigin = (() => { try { return new URL(effectivePageUrl).origin + '/'; } catch { return null; } })();
     if (pageOrigin) {
       html = html.replace(/<base[^>]*>/gi, '');
       html = html.replace(/<head([^>]*)>/i, `<head$1><base href="${pageOrigin}">`);
@@ -244,9 +245,9 @@ router.get('/proxy', async (req, res, next) => {
     const baseUrl = process.env.BACKEND_BASE_URL || process.env.BASE_URL
       || `${req.protocol || 'http'}://${req.get('host') || 'localhost:' + (process.env.PORT || 3005)}`;
     const proxyBase = baseUrl.replace(/\/$/, '') + '/api/clicktt/proxy';
-    html = rewriteLinksInHtml(html, proxyBase, targetUrl, sid);
-    html = rewriteFormActionsInHtml(html, proxyBase, targetUrl, sid);
-    html = rewriteMetaRefreshInHtml(html, proxyBase, targetUrl, sid);
+    html = rewriteLinksInHtml(html, proxyBase, effectivePageUrl, sid);
+    html = rewriteFormActionsInHtml(html, proxyBase, effectivePageUrl, sid);
+    html = rewriteMetaRefreshInHtml(html, proxyBase, effectivePageUrl, sid);
 
     res.set({
       'Content-Type': 'text/html; charset=utf-8',
@@ -293,6 +294,7 @@ router.post('/proxy', async (req, res, next) => {
       },
       userId: null,
     });
+    const effectivePageUrl = result.responseUrl || targetUrl;
 
     const responseHeaders = result.headers;
     if (responseHeaders) {
@@ -334,14 +336,14 @@ router.post('/proxy', async (req, res, next) => {
       responseBody = responseBody
         .replace(/<meta[^>]*http-equiv=["']content-security-policy["'][^>]*>/gi, '')
         .replace(/<meta[^>]*http-equiv=["']x-frame-options["'][^>]*>/gi, '');
-      const pageOrigin = (() => { try { return new URL(targetUrl).origin + '/'; } catch { return null; } })();
+      const pageOrigin = (() => { try { return new URL(effectivePageUrl).origin + '/'; } catch { return null; } })();
       if (pageOrigin) {
         responseBody = responseBody.replace(/<base[^>]*>/gi, '');
         responseBody = responseBody.replace(/<head([^>]*)>/i, `<head$1><base href="${pageOrigin}">`);
       }
-      responseBody = rewriteLinksInHtml(responseBody, proxyBase, targetUrl, sid);
-      responseBody = rewriteFormActionsInHtml(responseBody, proxyBase, targetUrl, sid);
-      responseBody = rewriteMetaRefreshInHtml(responseBody, proxyBase, targetUrl, sid);
+      responseBody = rewriteLinksInHtml(responseBody, proxyBase, effectivePageUrl, sid);
+      responseBody = rewriteFormActionsInHtml(responseBody, proxyBase, effectivePageUrl, sid);
+      responseBody = rewriteMetaRefreshInHtml(responseBody, proxyBase, effectivePageUrl, sid);
     }
 
     res.set({
diff --git a/backend/services/clickTtHttpPageService.js b/backend/services/clickTtHttpPageService.js
index 497b3e4e..84b3883a 100644
--- a/backend/services/clickTtHttpPageService.js
+++ b/backend/services/clickTtHttpPageService.js
@@ -194,6 +194,7 @@ async function fetchWithLogging(options) {
       body: responseBody,
       executionTimeMs,
       headers: response.headers,
+      responseUrl: response.url || url,
     };
   } catch (error) {
     const executionTimeMs = Date.now() - startTime;