Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Relative rediects per RFC7231 as the new default #749
Current behavior: Bottle tries to turn relative URLs in
New behavior: Bottle just passes the provided URI as is. No URL-joining will be performed.
This behavior change should have no effect on well behaved clients. Relative URLs in
It is still a behavior change with no obvious upgrade path. This is why I opened this issue. If you can think of a situation where this change breaks an existing application, or introduce a security risk, please speak up.
@shakna-israel , please , try check this changing in your CORS-apps
I think this check-result -- is will be important for all
In my case, I have an application deployed on Apache with mod_wsgi at a subdirectory (e.g. example.com/myapp/). From my virtualhost config:
And in myapp.py:
@route('/<dirname>') def bare_dir(dirname): redirect('/%s/' % dirname)
Even though the
@route('/<dirname>') def bare_dir(dirname): redirect('%s/' % dirname) # no leading slash
I'm not an expert on web standards, so maybe this is the intended usage? But I expected a
The server/app root problem is a very common and annoying thing. Unfortunately, there is no reliable way to know about the 'application root' other than configuration. A proxy could redirect arbitrary urls to the application, rewriting the URL in any way desirable. There is
Currently bottle resolves relative URLs against something it thinks is the server root. It uses
Magically prefixing redirect paths with
I tent do (finally) just pull this simple change, and if we find out later that the missing urljoin breaks reasonable existing applications, we could still make it configurable.