The directory-router has two ways of serving a URL: by proxying to
a Shiny app, or by serving a static file (or directory listing) from
disk. Previously, the URL parsing logic for the two code paths was
totally different, and the former code path was more carefully coded
against possibly malicious or malformed URLs. Unfortunately, URLs
that were rejected by the former code path were then passed on to
the latter code path.
This change ensures that failure to pass URL checks cause the router
to give up on servicing the request (leading to a 404, probably).
The directory-router has two ways of serving a URL: by proxying to a Shiny app, or by serving a static file (or directory listing) from disk. Previously, the URL parsing logic for the two code paths was totally different, and the former code path was more carefully coded against possibly malicious or malformed URLs. Unfortunately, URLs that were rejected by the former code path were then passed on to the latter code path.
This change ensures that failure to pass URL checks cause the router to give up on servicing the request (leading to a 404, probably).