I make sure manually, that “.” in URLs are encoded as “%2E”. The route
looks like this
get ‘things/:url’ => ‘things#show’
This works just fine with Mongrel, but it does not work with Apache and
Passenger. The request doesn’t even get through to my app, I only get a
404 response and a corresponding entry in
/var/log/apache2/other_vhosts_access.log
There is nothing in the app’s log. The problem appears to be caused by
the “/” in the :url parameter, even though they are encoded as “%2F”.
I’d prefer if I didn’t have to read through all the ActionPack and Rack
routing code to understand what’s happening and find a remedy. It must
be possible to do this cleanly.
On Tue, Sep 14, 2010 at 11:13 AM, Michael S. [email protected] wrote:
[…]
There is nothing in the app’s log. The problem appears to be caused
by the “/” in the :url parameter, even though they are encoded as
“%2F”.
I’d prefer if I didn’t have to read through all the ActionPack and
Rack routing code to understand what’s happening and find a
remedy. It must be possible to do this cleanly.
Thanks, Jeremy, that’s been very helpful. In combination with route
globbing, i.e.
get ‘things/*url’ => ‘things#show’
the intended controller action is called. Curiously, consecutive slashes
are collapsed somewhere in parameter processing, so that “http://foo”
becomes “http:/foo”. Well, I can work around that, though, of course I’d
prefer if I didn’t have to.
Are there any security implications of enabling AllowEncodedSlashes? I
figure there must be a reason that they are not enabled by default.