Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
net/http: DefaultServeMux incorrectly redirect (301) to path if path includes `%2F%2F` #21955
What version of Go are you using (
referenced this issue
Nov 23, 2017
changed the title
net/http.DefaultServeMux incorrectly redirect (301) to path if path includes `%2F%2F`
Mar 30, 2018
I'm not sure if this actually a bug in the first place. The URL reported in the original comment is:
The decoded path is:
ServerMux.Handler uses path.Clean. That path clearly has a double slash and path.Clean translates double slashes to single slashes. Also see here. The godoc for ServerMux.Handler says:
If there's an open question here, the question is around the definition of "canonical path". Does the canonical path convert double slashes to single slashes? If so, does it also convert %2F%2F to "/"? If yes to both questions, there's no bug. Otherwise, there's a bug. AFAICT, these questions are not answered in any documentation. In net/http/server_tests.go, serverMuxTests does not have a case for double slashes, so I suspect this question hasn't come up until now.
As a countermeasure against this similar problem, there is nginx
Therefore, I think, if we follow RFC-3986, the current behavior is buggy.