Open ghost opened 8 years ago
I've added a test to verify that indeed opium route params don't match such params.
https://github.com/rgrinberg/opium/commit/98fa61b853a5d34a3c11dc9c4804759b5db98842
I'll have to investigate the cause of the redirection further. Perhaps it's done at the cohttp layer.
Say one does:
There could be an issue with a malicious request containing
../../
. But using telnet I noticed that opium seems to ignore the first../../
. Is that normal behaviour?