HTTP 301 on wrong http address #18573

Open
apischan opened this issue Dec 30, 2022 · 2 comments

apischan commented Dec 30, 2022

Describe the bug
Was able to get a 301 even though the docs say that only 2xx and 4xx can be returned, which leads to a response body that is incompatible with other error responses.

To Reproduce
Steps to reproduce the behavior:

  1. Make a request to http://localhost:8200/v1/secret//v1/secret/Test (note the two slashes in the middle)
  2. The same reproduces for other requests that have consecutive slashes in the URL

Expected behavior
At least 404

Environment:

  • Vault Server Version (1.9.2):
  • Vault CLI Version (Vault v1.9.2 (f4c6d87)):
  • Server Operating System/Architecture: official docker image

Vault server configuration file(s):

```hcl
storage "file" {
  path = "/vault/file/data"
}

listener "tcp" {
  address = "0.0.0.0:8200"
  tls_disable = "true"
}

ui = true
```

maxb commented Dec 30, 2022

The 301 is being generated by default behaviour in the Go HTTP server library that Vault uses.

It's not great behaviour for an API (it's more suited to websites), and this isn't the first time it has surprised users, also being reported in #18379 and #18062.


maxb commented Dec 30, 2022

It would be quite nice to fix this but Go's net/http.ServeMux provides no way to customize this behaviour, so it would need a copy/paste of around 250 lines of code from the Go standard library into Vault, to make the necessary modifications.

There is also a potential compatibility issue - some clients might be incorrectly relying on this behaviour to silently recover from incorrectly composing URLs containing multiple consecutive slashes.

For clarity, I should point out that I do not work for HashiCorp, I'm just an interested user of Vault. Actual HashiCorp staff will need to take a decision on what direction to go in regarding this.

hsimon-hashicorp added the core/api and dependencies labels on Jan 4, 2023
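
The default behaviour described in the comments above, and one way to pre-empt it without modifying `ServeMux`, as an added Go example that is not Vault's code and not part of the original thread: a stock `net/http.ServeMux` answers the reported double-slash path with a 301, while a wrapper that checks the path first returns a 404 with a JSON body. The names `canonical`, `strictPaths`, `newMux` and `probe`, the placeholder `/v1/` handler and the JSON error body shape are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"path"
)

// canonical mirrors ServeMux's cleaning: path.Clean, trailing slash preserved.
func canonical(p string) string {
	c := path.Clean("/" + p)
	if p != "" && p[len(p)-1] == '/' && c != "/" {
		c += "/"
	}
	return c
}

// strictPaths (hypothetical) answers non-canonical paths with a 404 and a JSON
// body (shape assumed), so the mux never gets the chance to send its 301.
func strictPaths(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodConnect && canonical(r.URL.Path) != r.URL.Path {
			w.Header().Set("Content-Type", "application/json")
			w.WriteHeader(http.StatusNotFound)
			fmt.Fprint(w, `{"errors":["unsupported path"]}`)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newMux is a stand-in API router; the /v1/ handler is a placeholder.
func newMux() *http.ServeMux {
	mux := http.NewServeMux()
	mux.HandleFunc("/v1/", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusNoContent) })
	return mux
}

// probe sends one in-memory GET to h and returns the status and Location header.
func probe(h http.Handler, target string) (int, string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code, rec.Header().Get("Location")
}

func main() {
	fmt.Println(probe(newMux(), "/v1/secret//v1/secret/Test"))
	fmt.Println(probe(strictPaths(newMux()), "/v1/secret//v1/secret/Test"))
}
```

The wrapper compares the decoded `r.URL.Path`, so it also rejects paths whose consecutive slashes arrive percent-encoded; it does not change the mux's separate redirect from `/tree` to `/tree/`.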