Double slashes aren't being handled correctly

[scampana-coalition]

When a request is made with double slashes and merge_slashes is set to false the request is returning a 200 redirect (308). This is only true if the route is currently defined in the app. This seems to be a change in behavior starting in version 2.2.0. Previously which seems expected it was returning a 404. Checking the latest version of Werkzueg this behavior still seems to be happening (returning the redirect instead of 404).

This is a basic flask app configuration that can be used.

from flask import Flask

app = Flask(__name__)
app.url_map.merge_slashes = False


@app.route('/api')
def api():
    return 'Hello, World!'


@app.route('/api/path')
def packages():
    return 'Hello, Welcome!'

making this curl request returns a redirect with any version of werkzueg >=2.2.0, previously it returned a 404.

curl http://127.0.0.1:5000/api//path

If you make a request to a path that isn't created in the app with double slashes then it returns a 404.

curl http://127.0.0.1:5000/api//something-else

The request with the double slashes in the url should be returning a 404 since the merge_slashes is set to False and it shouldn't be trying to redirect.

Environment:

• Python version: 3.11
• Werkzeug version: 2.2.0