lukeed / polka

A micro web server so fast, it'll make you dance! :dancers:
MIT License

Polka interprets percent-encoded slashes the same as regular slashes #142

Open tiffany352 opened 4 years ago

tiffany352 commented 4 years ago

I have an app with a query endpoint like /query/:input and sometimes the input can be something like 1/7.

I would have a url like /query/1%20%2F%207 (percent encoded 1 / 7) and end up getting a 404 page. I added a console.log call and it turned out this was being decoded into /query/1 / 7 in request.url. Express doesn't have this issue, for comparison.

I was using the next version from NPM because that was the default in the Sapper template.

Repro

const polka = require("polka");

polka()
  .use((req, res, next) => {
    console.log("url", req.url);
    next();
  })
  .get("/query/:input", (req, res) => {
    res.end(
      JSON.stringify({
        url: req.url,
        input: req.params.input,
      })
    );
  })
  .listen(3000, (err) => {
    if (err) throw err;
    console.log("> Running on localhost:3000");
  });

$ curl http://localhost:3000/query/1%20%2F%207

Expected behavior / Express behavior

200 OK with body:

{
  "url": "/query/1%20%2F%207",
  "input": "1 / 7"
}

Actual behavior (5.2.0)

200 OK with body:

{
  "url": "/query/1%20%2F%207",
  "input": "1%20%2F%207"
}

(input is urlencoded when it should be decoded)

Actual behavior (next)

Server prints url /query/1 / 7.

Curl sees 404 Not Found.

benmccann commented 3 years ago

I hit this as well. I think that Polka should go back to the 0.x behavior for URL parsing. I don't want Polka to touch my URL at all but just pass along what was received. Netlify tried to decode just as Polka 1.x was trying, and they decided it was a bad idea and had to revert the change, just as I think we should here as well: https://answers.netlify.com/t/bug-fix-url-encoding-preserved-in-function-event/27080
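The three behaviours reported in this thread come down to where percent-decoding happens relative to route matching. The sketch below is an added example, not code from Polka, Express or either commenter; `compile`, `safeDecode`, `route` and the mode names are hypothetical, and the matcher handles only literal and `:name` segments.

```javascript
// Added example: a minimal one-route matcher, not Polka's or Express's code.

// Turn "/query/:input" into a regex with one capture group per ":name" segment.
function compile(pattern) {
  const keys = [];
  const source = pattern
    .split("/")
    .map((seg) => {
      if (seg.startsWith(":")) {
        keys.push(seg.slice(1));
        return "([^/]+)"; // a parameter never spans a literal "/"
      }
      return seg.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"); // escape literals
    })
    .join("/");
  return { keys, regex: new RegExp("^" + source + "/?$") };
}

// decodeURIComponent throws on malformed escapes such as "%zz".
function safeDecode(value) {
  try {
    return decodeURIComponent(value);
  } catch {
    return null;
  }
}

// mode "decode-first":      decode the whole path, then match (reported for `next`)
// mode "raw":               match the raw path, leave params encoded (reported for 5.2.0)
// mode "match-then-decode": match the raw path, decode each param (reported for Express)
function route(pattern, rawPath, mode) {
  const { keys, regex } = compile(pattern);
  const subject = mode === "decode-first" ? safeDecode(rawPath) : rawPath;
  if (subject === null) return { status: 400 };
  const match = regex.exec(subject);
  if (!match) return { status: 404 }; // "%2F" became "/" and added a segment
  const params = {};
  for (let i = 0; i < keys.length; i++) {
    const raw = match[i + 1];
    const value = mode === "match-then-decode" ? safeDecode(raw) : raw;
    if (value === null) return { status: 400 };
    params[keys[i]] = value;
  }
  return { status: 200, params };
}
```

The same ordering question applies to anything that makes decisions on the path before the router does: if a proxy or middleware evaluates the raw path and the router matches the decoded one, the two can disagree about which route a request reaches.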