From ed5459b73e3b2ce70776dfb88800123ec7bef3f5 Mon Sep 17 00:00:00 2001
From: Thomas Espach <tespach@duckduckgo.com>
Date: Wed, 20 Nov 2024 13:48:59 +0000
Subject: [PATCH] Fix address bar spoofing server routes

---
 security/address-bar-spoofing/spoof-js-download-url.html | 2 +-
 security/address-bar-spoofing/spoof-new-window.html      | 4 ++--
 server.js                                                | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html
index 508298b..6a564fb 100644
--- a/security/address-bar-spoofing/spoof-js-download-url.html
+++ b/security/address-bar-spoofing/spoof-js-download-url.html
@@ -11,7 +11,7 @@
       const w = open()
       w.opener = null
       w.document.write('<h1>Not DDG.</h1>')
-      w.location = '/security/address-bar-spoofing-download-redirect'
+      w.location = '/security/abs/download-redirect'
     }
   </script>
 </head>
diff --git a/security/address-bar-spoofing/spoof-new-window.html b/security/address-bar-spoofing/spoof-new-window.html
index b5b771c..cf4defd 100644
--- a/security/address-bar-spoofing/spoof-new-window.html
+++ b/security/address-bar-spoofing/spoof-new-window.html
@@ -19,7 +19,7 @@
                 try {
                     w.location.href;
                 } catch (e) {
-                    w.location.href = 'https://broken.third-party.site/security/address-bar-spoofing/no-content';
+                    w.location.href = 'https://broken.third-party.site/security/abs/no-content';
                     clearInterval(i);
                 }
             }, 1);
@@ -37,7 +37,7 @@
     vulnerable to this attack. Note: this won't work if run from broken.third-party.site. Ensure it is run from 
     another origin such as https://privacy-test-pages.site.
 
-    
+
     <button onclick="newWindow()">New Window</button>
     <button onclick="spoof()">Spoof</button>
 </body>
diff --git a/server.js b/server.js
index 0d883d9..e813e25 100644
--- a/server.js
+++ b/server.js
@@ -279,7 +279,7 @@ const viewportRoutes = require('./viewport/server/routes.js');
 app.use('/viewport', viewportRoutes);
 
 const addressBarSpoofingRoutes = require('./security/address-bar-spoofing/server/routes.js');
-app.use('/security/address-bar-spoofing-download-redirect', addressBarSpoofingRoutes);
+app.use('/security/abs/', addressBarSpoofingRoutes);
 
 const phishingDetectionRoutes = require('./security/badware/server/routes.js');
 app.use('/security/badware/phishing-redirect', phishingDetectionRoutes);