Having double slashes in url, `//` does not invoke middleware in the `/functions` โ sample code ๐
I am using middleware in /functions to secure some pages. But when the url has double slashes //, wrangler doesn't run the middleware for the url.
I have replicated the issue in a minimal repo here โ https://github.com/Shivam010/cloudflare-double-slashes-issue
There's a middleware in
/functions/secure directory to be applied on all routes of /secure โ https://github.com/Shivam010/cloudflare-double-slashes-issue/blob/main/functions/secure/_middleware.js
And the /out/secure directory contains a file one.html which should be served at /secure/one (but first the middleware needs to be invoked)
Now, the Problem...
The middleware is properly invoked on /secure/one route but not on the //secure/one,
whenever someone uses a double slash before the middleware directory, it doesn't run the middleware and instead directly serve the pages.
Links:
Hosted on: https://double-slashes-issue.pages.dev
/secure/one route https://double-slashes-issue.pages.dev/secure/one
//secure/one route https://double-slashes-issue.pages.dev//secure/one
Middleware โ https://github.com/Shivam010/cloudflare-double-slashes-issue/blob/main/functions/secure/_middleware.js
---
Can somebody help me here!GitHub
GitHub - Shivam010/cloudflare-double-slashes-issue
Contribute to Shivam010/cloudflare-double-slashes-issue development by creating an account on GitHub.
GitHub
cloudflare-double-slashes-issue/functions/secure/_middleware.js at ...
Contribute to Shivam010/cloudflare-double-slashes-issue development by creating an account on GitHub.
3 Replies
The URI spec treats
foo.com/ and foo.com// as different URIs.
You can set the URL normalisation mode to Cloudflare to apply additional normalisation on top of RFC 3986, that will turn // into /, but that can only be done on a custom domain.How URL normalization works ยท Cloudflare Rules docs
URL normalization modifies separators, encoded elements, and literal bytes in incoming URLs so that they conform to a consistent formatting standard.
Oh, great thanks kian!
but that can only be done on a custom domainIs there's any way this can be done for the corresponding *.pages.dev or if I can completely restrict the access to the *.pages.dev domain??