Normalize path decoding, append fragment to path #2117
Conversation
Talked with @grumpydev about this. There's a substantial drawback to this approach as well; by decoding in the host, you won't be able to separate between The only host where we can't get rid of the decoding is in the OWIN host, since it's specified in the spec:
So we have to choose;
There could be a 3rd alternative as well, and that would be to introduce some config passed from the hosts that specifies whether Nancy needs to decode or if the path's already been decoded. |
The 3d option is going to be possible with the new But, if we're going all-in on OWIN (making |
The problem is that there's no way to fix it. Once the path has been decoded, you've lost some vital data. The OWIN spec should never have said that IMO. The fix would be to fix the spec and make all hosts (including Katana) follow it. I don't know if that'll happen. The damage is done. |
Once we unify around OWIN, this PR is obsolete anyway. |
So maybe that should be the priority? |
Maybe. Then we/someone need to come up with a plan. How do we move things forward? What happens to the ASP.NET and self-hosts? Are we basically changing the interface of |
The discussion so far have been
|
What are the aspnet5 hosts doing? |
This'll "fix" itself once everything moves to OWIN. Let's not hold back 2.0 with this. |
This should fix (or kill) the infamous #1280 and #1154 for good 馃懐 I hope 馃槤
Current State
This is how the different hosts treat path and query strings today:
* This decoding is actually done by Nancy.
In addition to this, Nancy also decodes the path two places in the core pipeline; for route matching and for static content.
This means that for OWIN and self-host, the path would be double decoded today.
There's also a weird issue with the ASP.NET and self-host where it pulls out everything after the first
#
and adds it to theFragment
property. This is not being picked up today.This PR
This PR does a couple of things:
HttpUtility.UrlDecode
(for path decoding) inside Nancy core, including some tests.Url
to the Nancy engine.There's still the question of whether we want to decode the query string as well, but it seems all hosts are doing the same thing here, so it's not really pressing.