nette / routing

Nette Routing: two-ways URL conversion
https://doc.nette.org/routing

Bug: Canonical logic accept domain.com///// #6

Closed janbarasek closed 3 years ago

janbarasek commented 4 years ago

Description

In the case of domain.com////, the internal method match(IRequest $httpRequest): ?array gets a fake URL with only one slash.

An example (CustomRouter.php):

public function match(IRequest $httpRequest): ?array
{
    // URL as parsed by Nette (repeated slashes already collapsed)
    $url = $httpRequest->getUrl();
    dump($url);
    dump($url->getAbsoluteUrl());
    // URL rebuilt from the raw server variables, as the client sent it
    $realUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http')
        . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    dump($realUrl);
    die;
}

In production mode the dump looks like this:

Screenshot 2020-02-12 at 10 05 47

So the UrlScript object contains an invalid URL, and I can open the URLs https://nette.org, https://nette.org/ and https://nette.org///// too, without a canonical redirect.

Steps To Reproduce

Open https://nette.org///// for example:

Screenshot 2020-02-12 at 10 08 39

Thanks.

JanTvrdik commented 4 years ago

There's a built-in path filter in Nette\Http\RequestFactory which replaces a sequence of / with a single /. See https://github.com/nette/http/blob/v3.0.3/src/Http/RequestFactory.php#L28

janbarasek commented 4 years ago

Yes, of course, but I think this is a natural duplication that should be redirected.

janbarasek commented 4 years ago

@dg How can I solve this issue? This bug makes a number of duplicate pages and damages SEO.

I think I must first fix the Url entity, which should support a sequence of / in the case of the homepage or when ending with it.

Thanks.

dg commented 3 years ago

This is related to nette/http, I know about it and it will be addressed in version 4.0.
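
A sketch of the check the thread asks for, as an added example (not Nette's code and not code from any participant): because the path filter hides repeated slashes from match(), the comparison has to be made on the raw $_SERVER['REQUEST_URI']. The function name canonicalRedirectTarget and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Returns the canonical request target to redirect to, or null when the raw
 * target is already canonical. Hypothetical helper, not part of Nette.
 */
function canonicalRedirectTarget(string $rawRequestUri): ?string
{
    // Split off the query string by hand: parse_url() would treat a
    // leading "//" as the start of a host name, not as part of the path.
    $pos = strpos($rawRequestUri, '?');
    $path = $pos === false ? $rawRequestUri : substr($rawRequestUri, 0, $pos);
    $query = $pos === false ? '' : substr($rawRequestUri, $pos);

    // Only origin-form targets ("/path") are handled; leave anything else alone.
    if ($path === '' || $path[0] !== '/') {
        return null;
    }

    // Same effect as the filter described in the thread:
    // every run of "/" in the path becomes a single "/".
    $collapsed = preg_replace('#/{2,}#', '/', $path) ?? $path;

    // The result starts with exactly one "/", so a Location header built from
    // it cannot be read as a protocol-relative reference ("//host/...").
    return $collapsed === $path ? null : $collapsed . $query;
}

// Constructed sample request targets, as they would appear in REQUEST_URI.
$samples = ['/', '/////', '/blog//post?x=1', '//example.org/', '/a/b?next=//c'];

foreach ($samples as $raw) {
    $target = canonicalRedirectTarget($raw);
    printf("%-18s => %s\n", $raw, $target === null ? '(canonical)' : '301 ' . $target);
}
```

The redirect target is always built from the collapsed path, never from the raw REQUEST_URI, and the query string is passed through unchanged so that values containing // are not rewritten.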