Unexpected redirect when query param has trailing slash #1856

Closed
1 task done
LGUG2Z opened this issue Mar 15, 2023 · 4 comments
Labels
A-axum C-bug Category: This is a bug.

Comments

@LGUG2Z

LGUG2Z commented Mar 15, 2023

  • I have looked for existing issues (including closed) about this

Bug Report

Version

❯ cargo tree | grep axum
├── axum v0.6.11
│   ├── axum-core v0.3.3
├── axum-auth v0.4.0
│   ├── axum-core v0.3.3 (*)

Platform

❯ uname -a
Linux nixos 6.1.16 #1-NixOS SMP PREEMPT_DYNAMIC Fri Mar 10 08:34:34 UTC 2023 x86_64 GNU/Linux

Description

I will share a minimal reproduction repository for this when I have a bit more time, but essentially this is a bug with unexpected redirects when query parameters include a trailing slash:

#[derive(Deserialize)]
pub struct ItemGetQuery {
    url: String,
}

pub async fn item_get(
    query: Query<ItemGetQuery>,
) -> Result<Json<ItemGetResponse>, ApiError> {
    // some logic
}

// over in the main fn ...

let app = Router::new()
    .route("/v1/item", routing::get(item_get));

When the query parameter is a URL string with a trailing slash, the Axum trailing slash redirect behaviour (which based on reading issues in this repo, should have been disabled by default now?) kicks in leading to unexpected/undefined behaviour.

For example, this curl request:

curl 'http://localhost:1234/v1/item?url=https://blog.alexellis.io/docker-is-deleting-open-source-images/'

Will result in an unexpected 308 redirect to this location:

location: /item?url=https://blog.alexellis.io/docker-is-deleting-open-source-images/

Which will then of course ultimately lead to a 404 response.

@jplatte
Member

jplatte commented Mar 15, 2023

Can you please provide a minimal reproducible example?

@davidpdrsn
Member

Is http://localhost:1234/v1/item?url=https://blog.alexellis.io/docker-is-deleting-open-source-images/ even a valid uri? I would have guessed you need to escape the /s

@jplatte
Member

jplatte commented Mar 15, 2023

I don't think the /s need to be escaped, cf. https://url.spec.whatwg.org/#query-percent-encode-set
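The query percent-encode set referenced in the comment above, as an added example that is not part of the original thread and not axum's code: it encodes a query value with only that set and checks for a trailing slash on the path component alone. All function names are hypothetical and only the Rust standard library is used.

```rust
// Added example (not axum's code); helper names are hypothetical.

/// True if `b` is in the WHATWG query percent-encode set:
/// C0 controls, bytes above 0x7E, space, '"', '#', '<', '>'.
fn in_query_percent_encode_set(b: u8) -> bool {
    b <= 0x1F || b > 0x7E || matches!(b, b' ' | b'"' | b'#' | b'<' | b'>')
}

/// Percent-encode a query value using only that set, so '/' and ':' pass through.
fn query_percent_encode(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for &b in input.as_bytes() {
        if in_query_percent_encode_set(b) {
            out.push_str(&format!("%{:02X}", b));
        } else {
            out.push(b as char);
        }
    }
    out
}

/// Split an origin-form request target at the first '?'.
fn split_target(target: &str) -> (&str, Option<&str>) {
    match target.split_once('?') {
        Some((path, query)) => (path, Some(query)),
        None => (target, None),
    }
}

/// Trailing-slash check that looks at the path component only, never the query.
fn path_has_trailing_slash(target: &str) -> bool {
    let (path, _) = split_target(target);
    path.len() > 1 && path.ends_with('/')
}

fn main() {
    // The URL value from the report in this thread.
    let value = "https://blog.alexellis.io/docker-is-deleting-open-source-images/";
    let target = format!("/v1/item?url={}", query_percent_encode(value));
    println!("{target}");
    println!("path trailing slash: {}", path_has_trailing_slash(&target));
}
```

The set does not cover `&`, `=` or `%`, so a value containing those still needs form-urlencoding before it is placed in a query string.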

@davidpdrsn davidpdrsn added C-bug Category: This is a bug. A-axum labels Mar 15, 2023
@LGUG2Z
Author

LGUG2Z commented Mar 15, 2023

I must embarrassingly admit that when putting together the isolated reproduction for this issue, I realized that this was a case of overzealous reverse-proxy caching in the browser where this bug had previously occurred and the response with that behaviour was being served again and again as a cached 308 response.

Apologies for the false alarm, closing this issue! :ok_hand:

@LGUG2Z LGUG2Z closed this as completed Mar 15, 2023