Closed cycomachead closed 7 months ago
if //
is showing up in your requests then you either have a bug with how you're generating URLs, or someone is just sending malformed URLs at your server, hence by default it returns 404.
The only case I think it's reasonable to mutate the URL by default and try again is for a trailing /
, which a user may type themselves without knowing which is preferred by the server.
We've been flagged by some automated scanning tools for the open redirect issue on the default route -- it's currently a TODO in the code.
Thanks for providing the override example in docs! I've added the following line our app's
default_route
Is there any reason not to make this the default for lapis? I suppose I could do this only to the initial
//
in a URL, but it doesn't seem like//
is really valid in URLs in general.