ActiveSupport Message verifier with double slash trouble #27995
Description
Steps to reproduce
# routes.rb
get 'verify/*token'
# generate token
token = MessageVerifier.generate(:user_id=>1111, :recipient_id=>12975875, :email=>"xxxxxxx@xxxx.ru") #=>
"BAh7CDoMdXNlcl9pZGkCVwQ6EXJlY2lwaWVudF9pZGkDA//FOgplbWFpbEkiFHh4eHh4eHhAeHh4eC5ydQY6BkVU--03d313de249dab9fb0894db3353a2dc24fb65568"
# Send url with token to rails
curl http://localhost:3000/recipients/verify/BAh7CDoMdXNlcl9pZGkC7wk6EXJlY2lwaWVudF9pZGkDA//FOgplbWFpbEkiF2RtcGV0cm92bmFAbWFpbC5ydQY6BkVU--e2c138bb54209f7e31138fa0111d152c7d1c96cd
# Rails server log
Started GET "/verify/BAh7CDoMdXNlcl9pZGkC7wk6EXJlY2lwaWVudF9pZGkDA//FOgplbWFpbEkiF2RtcGV0cm92bmFAbWFpbC5ydQY6BkVU--e2c138bb54209f7e31138fa0111d152c7d1c96cd" for 127.0.0.1 at 2017-02-14 15:44:20 +0700
Processing as HTML
Parameters: {"token"=>"BAh7CDoMdXNlcl9pZGkC7wk6EXJlY2lwaWVudF9pZGkDA/FOgplbWFpbEkiF2RtcGV0cm92bmFAbWFpbC5ydQY6BkVU--e2c138bb54209f7e31138fa0111d152c7d1c96cd"}
Okey, i think to encode token // -> %2F%2F
But in production, send request to nginx on http
server {
listen 80;
server_name localhost;
location / {
rewrite ^(.*) https://$host$1 permanent;
}
location /.well-known/acme-challenge {
...
}
}
server {
listen 443;
server_name localhost;
ssl on;
location / {
proxy_pass http://rails-app;
proxy_redirect off;
}
Encoding lost after redirect to https. %2F%2F -> "//". Is mandatory normalization in block location on nginx.
May be, is it possible to disable the normalization of slashes on rails?
Expected behavior
"token"=>"BAh7CDoMdXNlcl9pZGkC7wk6EXJlY2lwaWVudF9pZGkDA//FOgplbWFpbEkiF2RtcGV0cm92bmFAbWFpbC5ydQY6BkVU--e2c138bb54209f7e31138fa0111d152c7d1c96cd"
Actual behavior
"token"=>"BAh7CDoMdXNlcl9pZGkC7wk6EXJlY2lwaWVudF9pZGkDA/FOgplbWFpbEkiF2RtcGV0cm92bmFAbWFpbC5ydQY6BkVU--e2c138bb54209f7e31138fa0111d152c7d1c96cd"
System configuration
Rails version: 4.2.5
Ruby version: 2.3.0