search

RequestPolicy / requestpolicy

RequestPolicy is a Firefox extension that gives you control over cross-site requests. --- Be sure to look at the dev-1.0 branch as that's where all of the interesting work is happening. See also: https://www.requestpolicy.com/1.0.html
https://www.requestpolicy.com/
107 stars 17 forks source link

URLs with non-ascii characters in the path redirect improperly from redirect notification "allow" #224

Closed jsamuel closed 12 years ago

jsamuel commented 12 years ago 
imported trac ticket
created: 2011-04-22 12:23:33
reporter: justin

The following shortened url:

http://bit.ly/dS5fSO

redirects to a url with a non-ascii character in the path:

https://blog.whitehatsec.com/whitehat-security’s-approach-to-detecting-cross-site-request-forgery-csrf/

However, RP redirects to the following when a user clicks "allow" from the redirect notification:

https://blog.whitehatsec.com/whitehat-security%C3%A2%C2%80%C2%99s-approach-to-detecting-cross-site-request-forgery-csrf/

This second link is not equivalent to the first and the result is a 404.

jsamuel commented 12 years ago 
imported trac comment
created: 2011-09-04 12:45:30
author: justin

Testing again now. This appears to not be a problem anymore. I'm not sure what changed. I even tested with old versions (RP 0.5.16 on Fx 3.6.13) and this isn't a problem now.

It's definitely possible that there's still a bug around but I'll wait until someone reports a similar bug before looking into this again.