Having double slashes in url, `//` does not invoke middleware in the `/functions` โ€“ sample code ๐Ÿ‘‡

I am using middleware in /functions to secure some pages. But when the url has double slashes //, wrangler doesn't run the middleware for the url. I have replicated the issue in a minimal repo here โ€“ https://github.com/Shivam010/cloudflare-double-slashes-issue There's a middleware in /functions/secure directory to be applied on all routes of /secure โ€“ https://github.com/Shivam010/cloudflare-double-slashes-issue/blob/main/functions/secure/_middleware.js And the /out/secure directory contains a file one.html which should be served at /secure/one (but first the middleware needs to be invoked) Now, the Problem... The middleware is properly invoked on /secure/one route but not on the //secure/one, whenever someone uses a double slash before the middleware directory, it doesn't run the middleware and instead directly serve the pages. Links: Hosted on: https://double-slashes-issue.pages.dev /secure/one route https://double-slashes-issue.pages.dev/secure/one //secure/one route https://double-slashes-issue.pages.dev//secure/one Middleware โ€“ https://github.com/Shivam010/cloudflare-double-slashes-issue/blob/main/functions/secure/_middleware.js --- Can somebody help me here!
GitHub
GitHub - Shivam010/cloudflare-double-slashes-issue
Contribute to Shivam010/cloudflare-double-slashes-issue development by creating an account on GitHub.
GitHub
cloudflare-double-slashes-issue/functions/secure/_middleware.js at ...
Contribute to Shivam010/cloudflare-double-slashes-issue development by creating an account on GitHub.
3 Replies
kian
kianโ€ข16mo ago
The URI spec treats foo.com/ and foo.com// as different URIs. You can set the URL normalisation mode to Cloudflare to apply additional normalisation on top of RFC 3986, that will turn // into /, but that can only be done on a custom domain.
kian
kianโ€ข16mo ago
How URL normalization works ยท Cloudflare Rules docs
URL normalization modifies separators, encoded elements, and literal bytes in incoming URLs so that they conform to a consistent formatting standard.
Shivam
ShivamOPโ€ข16mo ago
Oh, great thanks kian!
but that can only be done on a custom domain
Is there's any way this can be done for the corresponding *.pages.dev or if I can completely restrict the access to the *.pages.dev domain??
Want results from more Discord servers?
Add your server