Gerrit91
commented
1 year ago More precisely, the behavior toggled, so before #520 the trailing slash was matching, now the non-trailing slash is matching. Hope the test can point out the difference.
Closed Gerrit91 closed 1 year ago
Gerrit91
commented
1 year ago More precisely, the behavior toggled, so before #520 the trailing slash was matching, now the non-trailing slash is matching. Hope the test can point out the difference.
emicklei
commented
1 year ago thank you for sharing your thoughts and providing a test.
Given the number of reports of problems after fixing a security issue; i am now strongly considering making the "trailing slash handling" a configuration option. The old behavior being the default with the option to change the behaviour to meet the security request.
Gerrit91
commented
1 year ago Thanks @emicklei. I am looking forward to whatever route this problem will take and wait with the update until a decision was made. The config option sounds like a reasonable way to go in order to maintain client compatibility.
With #520 clients receive different responses depending on a trailing slash in the requested path. This did not matter before, so this was a breaking change.
I wrote a small reproducer test to show the difference before and after 05c4911f7a613dab429b2cb4b9837e08c2709335.
Is this expected behavior? It breaks quite a lot of our stuff. 🙈