mgomes / api_auth

HMAC authentication for Rails and HTTP Clients
MIT License

Fix Rails path mutation #122

Open packrat386 opened 8 years ago

packrat386 commented 8 years ago

ActionDispatch will mutate the URI of a request before the application actually gets a chance to see it. This can lead to auth failures where the client signed with the original version of the path, and the server is comparing against a mutated version.

Instead, for ActionDispatch::Request, we should use #original_fullpath, which is passed to Rails from Rack.

kjg commented 8 years ago

Can you write a spec that can get run through all the request drivers to prove we maintain the trailing slash in each implementation of #request_uri?
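The failure mode discussed in this thread, as an added Ruby example that is not part of the issue or of api_auth's own code: a client signs the path it sent, and the server's HMAC check fails when it recomputes over a rewritten path but passes over the original one. The canonical string layout, the trailing-slash rewrite in `mutated_path`, and all sample values are assumptions constructed for illustration.

```ruby
require 'openssl'
require 'base64'

# Simplified canonical string: method, content type, body digest, path, date.
# Assumption: illustrative layout, not api_auth's exact implementation.
def canonical_string(req, path)
  [req[:method].upcase, req[:content_type], req[:digest], path, req[:date]].join(',')
end

def sign(secret, canonical)
  Base64.strict_encode64(OpenSSL::HMAC.digest('SHA256', secret, canonical))
end

# Hypothetical stand-in for a framework rewriting the path before the
# application sees it: drops a trailing slash, keeps the query string.
def mutated_path(original)
  path, query = original.split('?', 2)
  path = path.chomp('/') unless path == '/'
  query ? "#{path}?#{query}" : path
end

# Constant-time comparison of two signatures.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: recompute the signature over the chosen path and compare.
def verify(secret, req, path, presented)
  secure_equal?(sign(secret, canonical_string(req, path)), presented)
end

# Constructed sample request; none of these values come from the thread.
SECRET = 'constructed-shared-secret'
REQUEST = { method: 'get', content_type: 'application/json', digest: '',
            date: 'Mon, 01 Jan 2018 00:00:00 GMT' }.freeze
ORIGINAL_PATH = '/widgets/?page=2' # what the client signed and sent

def demo
  client_sig = sign(SECRET, canonical_string(REQUEST, ORIGINAL_PATH))
  { mutated:  verify(SECRET, REQUEST, mutated_path(ORIGINAL_PATH), client_sig),
    original: verify(SECRET, REQUEST, ORIGINAL_PATH, client_sig) }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

A spec of the kind requested above would assert the same property per request driver: the path fed into the canonical string is byte-for-byte the one the client signed, trailing slash included.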