Closed nopor closed 4 years ago
Hi @nopor, thanks for filing the issue!
.
and ..
are reserved sequences in URI segments and hold special meaning (reference). The URI /foo/bar/../baz
would resolve to /foo/baz
, and /avatars/285/..
in this case is resolving to /avatars
, which leads to the 404 you're seeing. Appending the suffix means it's no longer a reserved sequence, and things work as expected.
I don't think that we can circumvent this, nor would we want to if we could. I would recommend modifying your requests such that the string ..
is never the sole identifier, which you've already shown one way of doing (appending a suffix). You could also encode the identifier in some way (base64, etc.) to similar effect.
I hope that helps!
Hi @rylnd,
Yes, that's why I was filing this report. It could be resolved just for this specific servlet, though at least in the demo it could be prevented in order to not have an empty image on display.
Thanks for the quick answer. I suppose we can close the issue then, since it was more about to raise awareness.
What is happening? If the identifier ‘..’ is chosen, the result is actually a 404.
What is expected? An image as usual.
URL: https://api.adorable.io/avatars/285/..
However, it works with the suffix .png (https://api.adorable.io/avatars/285/...png)