search

gatsbyjs / gatsby

The best React-based framework with performance, scalability and security built in.
https://www.gatsbyjs.com
MIT License
55.27k stars 10.31k forks source link

Page-data not escaping brackets for splat routes #37717

Open affemaen opened 1 year ago

affemaen commented 1 year ago

Preliminary Checks

Description

When using splatroutes, a file called /page-data/[...foobar]/page-data.json is created and downloaded by Gatsby upon invoking that splatroute.

The problem is that Gatsby is NOT escaping the brackets ([]) in the request fetching it, thus breaking the RFC3986 which prohibits the use of [] in the path (unless encoded as %5B/%5D).

Some webservers allow it, while others disallow it, some have undefined behaviour. Playframework is one of the few that actually asserts that they DON'T work in a test case. https://github.com/playframework/playframework/blob/main/core/play-integration-test/src/it/scala/play/it/http/BadClientHandlingSpec.scala#L58-L65

Reproduction Link

https://github.com/affemaen/gatspy-splat-route

Steps to Reproduce

  1. Clone the repository
  2. npm install
  3. npm run build && npm run serve
  4. Open the page in a browser
  5. Open up browser developer tools and reload the page
  6. Click the network tab in Developer tools
  7. Click Fetch/XHR
  8. Click on page-data.json
  9. Check the Request URL: .../page-data/[...index]/page-data.json

Expected Result

The request url to fetch the page-data.json should be .../page-data/%5B...index%5D/page-data.json

Actual Result

The request url to fetch the page-data.json is actually .../page-data/[...index]/page-data.json

Environment

System:
    OS: macOS 13.1
    CPU: (10) arm64 Apple M1 Max
    Shell: 5.8.1 - /bin/zsh
  Binaries:
    Node: 18.12.1 - /usr/local/bin/node
    npm: 8.19.2 - /usr/local/bin/npm
  Browsers:
    Chrome: 110.0.5481.177
    Firefox: 108.0.2
    Safari: 16.2
  npmPackages:
    gatsby: ^5.7.0 => 5.7.0

Config Flags

No response

LekoArts commented 1 year ago

Hi, thanks for the issue!

Feel free to put up a PR fixing this, for us it won't be a high priority as most other websites, browsers, and webservers handle square brackets just fine.

AiIkram commented 1 year ago

hm I'm still new to Gatsby but mabe you can manually encode the brackets in your splatroute. Instead of using [...] in your route definition, use %5B...%5D instead. For example, instead of defining your route as /page-data/[...index]/page-data.json, define it as /page-data/%5B...index%5D/page-data.json ?

Wuero13 commented 1 year ago

Hola que tal disculpe por la inconformidad pero si estoy comentiendo algun error por favor aganmelo saber realmente no tengo conocimiento de esto si me pudieran guiar les agradeciera demasiado