Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the reasoning Chrome resolves double dot in URI?

Today I've came across an interesting Google Chrome behaviour.

Let's say that I have a web App that lets us see the information about the user:

http://app.com/user/Rok/info

Now let's assume we have an user named ... When we visit his information page,

http://app.com/user/../info

you can see in the Developer Tools that the browser makes the request to app.com/info.

Why is the browser doing that? It should pass this decision to the server.

Novadays, URIs are no longer directly bound to the filesystem. I was wondering whether there is a spec that targets this specific.

like image 485
Rok Kralj Avatar asked Dec 09 '13 17:12

Rok Kralj


1 Answers

I was just trying to figure this out for myself, and it looks like it's specifically addressed in RFC 3986, § 5.2.4:

The pseudocode also refers to a remove_dot_segments routine for interpreting and removing the special . and .. complete path segments from a referenced path. This is done after the path is extracted from a reference, whether or not the path was relative, in order to remove any invalid or extraneous dot-segments prior to forming the target URI.

[…]

Note that dot-segments are intended for use in URI references to express an identifier relative to the hierarchy of names in the base URI. The remove_dot_segments algorithm respects that hierarchy by removing extra dot-segments rather than treat them as an error or leaving them to be misinterpreted by dereference implementations.

like image 113
greymouser Avatar answered Nov 11 '22 01:11

greymouser