- bug report? yes
- feature request? yes
- version:
v3.0.0
Description
In case of domain.com//// internal method match(IRequest $httpRequest): ?array got fake URL with only one slash.
Some example (CustomRouter.php):
public function match(IRequest $httpRequest): ?array
{
$url = $httpRequest->getUrl();
dump($url);
dump($url->getAbsoluteUrl());
$realUrl = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http')
. '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
dump($realUrl);
die;In production mode dump looks like this:
So object UrlScript contains invalid URL and I can open URL https://nette.org, https://nette.org/ and https://nette.org///// too without canonical redirect.
Steps To Reproduce
Open https://nette.org///// for example:
Thanks.
v3.0.0Description
In case of
domain.com////internal methodmatch(IRequest $httpRequest): ?arraygot fake URL with only one slash.Some example (
CustomRouter.php):In production mode dump looks like this:
So object
UrlScriptcontains invalid URL and I can open URLhttps://nette.org,https://nette.org/andhttps://nette.org/////too without canonical redirect.Steps To Reproduce
Open
https://nette.org/////for example:Thanks.