You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Was able to get 301 despite doc says that only 2xx and 4xx can be returned which leads to incompatible (with other error responses) body of response.
To Reproduce
Steps to reproduce the behavior:
make a request on http://localhost:8200/v1/secret//v1/secret/Test (consider two slashes in the middle)
the same reproduces for other requests that have consecutive slashes in url
The 301 is being generated by default behaviour in the Go HTTP server library that Vault uses.
It's not great behaviour for an API (it's more suited to websites), and this isn't the first time it has surprised users, also being reported in #18379 and #18062.
It would be quite nice to fix this but Go's net/http.ServeMux provides no way to customize this behaviour, so it would need a copy/paste of around 250 lines of code from the Go standard library into Vault, to make the necessary modifications.
There is also a potential compatibility issue - some clients might be incorrectly relying on this behaviour to silently recover from incorrectly composing URLs containing multiple consecutive slashes.
For clarity, I should point out that I do not work for HashiCorp, I'm just an interested user of Vault. Actual HashiCorp staff will need to take a decision on what direction to go in regarding this.
Describe the bug
Was able to get 301 despite doc says that only 2xx and 4xx can be returned which leads to incompatible (with other error responses) body of response.
To Reproduce
Steps to reproduce the behavior:
http://localhost:8200/v1/secret//v1/secret/Test
(consider two slashes in the middle)Expected behavior
At least 404
Environment:
Vault server configuration file(s):
The text was updated successfully, but these errors were encountered: