url.parse Stability: 0 =Deprecated: Use the WHATWG URL API

andrewpartrickmiller

Creating. a web server with node core

const server = http.createServer((req, res) => {
  res.setHeader('Content-Type', 'text/html')
  if (req.method !== 'GET') {
    res.statusCode = 405
    res.end(STATUS_CODES[res.statusCode] + '\r\n')
    return
  }
  const { pathname } = url.parse(req.url)
  if (pathname === '/') {
    res.end(root)
    return
  }
  if (pathname === '/hello') {
    res.end(hello)
    return
  }
  res.statusCode = 404
  res.end(STATUS_CODES[res.statusCode] + '\r\n')
})

The code above is from the section creating a web server with node core. It uses the url.parse method to retrieve the url path. While recreating this serve. I was looking at the documentation and I found this.

url.parse(urlString[, parseQueryString[, slashesDenoteHost]])
#

Stability: 0 - Deprecated: Use the WHATWG URL API instead.

here: https://nodejs.org/dist/latest-v14.x/docs/api/url.html#url_url_parse_urlstring_parsequerystring_slashesdenotehost

And it is telling me that using this method can introduce security issues.

I tried using the WHATWG URL API that they recommend, Although I found that API to be cumbersome.

**How should we be recreating this server, should we be doing it with the path.url() or is there a another way we might want to do it?
**

davidmarkclements

@andrewpartrickmiller

The material is written against Node 12, but is compatible with Node 14. It's deprecated in 14 but not 12. Deprecated APIs are still functional.

It's deprecated in favour of the recent native URL constructor, see https://developer.mozilla.org/en-US/docs/Web/API/URL/URL

mauro.accornero

There's an example on Node docs https://nodejs.org/docs/latest-v14.x/api/http.html#http_message_url

something like this can be done:

const { pathname } = new URL(req.url, "http://" + req.headers.host)