CD
Cloudflare Developersβ€’9mo ago
Shivam

Having double slashes in url, `//` does not invoke middleware in the `/functions` – sample code πŸ‘‡

I am using middleware in /functions to secure some pages. But when the url has double slashes //, wrangler doesn't run the middleware for the url. I have replicated the issue in a minimal repo here – https://github.com/Shivam010/cloudflare-double-slashes-issue There's a middleware in /functions/secure directory to be applied on all routes of /secure – https://github.com/Shivam010/cloudflare-double-slashes-issue/blob/main/functions/secure/_middleware.js And the /out/secure directory contains a file one.html which should be served at /secure/one (but first the middleware needs to be invoked) Now, the Problem... The middleware is properly invoked on /secure/one route but not on the //secure/one, whenever someone uses a double slash before the middleware directory, it doesn't run the middleware and instead directly serve the pages. Links: Hosted on: https://double-slashes-issue.pages.dev /secure/one route https://double-slashes-issue.pages.dev/secure/one //secure/one route https://double-slashes-issue.pages.dev//secure/one Middleware – https://github.com/Shivam010/cloudflare-double-slashes-issue/blob/main/functions/secure/_middleware.js --- Can somebody help me here!
GitHub
GitHub - Shivam010/cloudflare-double-slashes-issue
Contribute to Shivam010/cloudflare-double-slashes-issue development by creating an account on GitHub.
GitHub
cloudflare-double-slashes-issue/functions/secure/_middleware.js at ...
Contribute to Shivam010/cloudflare-double-slashes-issue development by creating an account on GitHub.
3 Replies
kian
kianβ€’9mo ago
The URI spec treats foo.com/ and foo.com// as different URIs. You can set the URL normalisation mode to Cloudflare to apply additional normalisation on top of RFC 3986, that will turn // into /, but that can only be done on a custom domain.
kian
kianβ€’9mo ago
https://developers.cloudflare.com/rules/normalization/how-it-works/
How URL normalization works Β· Cloudflare Rules docs
URL normalization modifies separators, encoded elements, and literal bytes in incoming URLs so that they conform to a consistent formatting standard.
Shivam
Shivamβ€’9mo ago
Oh, great thanks kian!
but that can only be done on a custom domain
Is there's any way this can be done for the corresponding *.pages.dev or if I can completely restrict the access to the *.pages.dev domain??
Want results from more Discord servers?
Add your server
More Posts
I would never say features areI would never say features are β€œcomplete”, even at GA. There’s a near infinite list of things to buiCloudfared Gateway error code 502 from pc and not phoneSo i keep getting Gateway error, code 502 with the cloudfared page. I thought i fixed it removing thI just started migrating from KV to D1 II just started migrating from KV to D1. I can create & access the database fine in the web ui, but IFunctions directory not working with nextjs app.Hi, I have set up and deployed a nextjs app following https://developers.cloudflare.com/pages/frameI am new to Cloudflare WorkerPlease help me with below error C:\Users\Administrator\Downloads\Youtubedownloader\youtubedownloadeIs there a way to match a subdomain in a firewall rule without explicitly writing the zone name?If there's a field where I can get the zone name dynamically that would be nice, e.g. something likeDeployment-specific URLs give 404 while custom domain alias works fineFor every build after a certain time (somewhere around 5:00 pm CDT) the deployment-specific URLs givBundling of remote dependenciesI'm trying to import a function from a package that is _browser first_. That is `exports: { browser:Why we can't delete a Custom Firewall Rule via the API?It stays as "Unused Filter" and disabled. But still there. curl -s -X DELETE "https://api.cloudflarBindings aren't accessible during Pages buildHey folks! Not sure if this is a deliberate design decision or a bug - I'm erring on the side of del