Skip to content
This repository has been archived by the owner on Feb 6, 2024. It is now read-only.

clean_service_url should not remove trailing slashes #165

Open
lchanouha opened this issue May 22, 2016 · 1 comment
Open

clean_service_url should not remove trailing slashes #165

lchanouha opened this issue May 22, 2016 · 1 comment

Comments

@lchanouha
Copy link

lchanouha commented May 22, 2016
edited by pencil
Loading

Removing trailing slashing breaks single sign-out function because url of type is called

https://example.com/service

whereas my service URL is https://example.com/service/

Apache sends an 301 http redirect, which CASinos not follows. This is the default configuration for most common web servers, and removing redirection with the directive DirectorySlash Off is very unsecure.

My solution is:

--- a/app/processors/casino/service_ticket_processor.rb
+++ b/app/processors/casino/service_ticket_processor.rb
@@ -19,7 +19,9 @@ module CASino::ServiceTicketProcessor
       service_uri.query_values = nil
     end

-    service_uri.path = (service_uri.path || '').gsub(/\/+\z/, '')
+    service_uri.path = (service_uri.path || '')
+    #.gsub(/\/+\z/, '')
     service_uri.path = '/' if service_uri.path.blank?

     service_uri.normalize.to_s.tap do |clean_service|

A better way is to call clean_service_url only for display purposes.
@luxflux
Copy link
Member

luxflux commented Sep 16, 2016

Hmm, I'm not sure about why we have this in place. @pencil, do you know something?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@luxflux @lchanouha