Today I've came across an interesting Google Chrome behaviour.
Let's say that I have a web App that lets us see the information about the user:
http://app.com/user/Rok/info
Now let's assume we have an user named ..
. When we visit his information page,
http://app.com/user/../info
you can see in the Developer Tools that the browser makes the request to app.com/info
.
Why is the browser doing that? It should pass this decision to the server.
Novadays, URIs are no longer directly bound to the filesystem. I was wondering whether there is a spec that targets this specific.
I was just trying to figure this out for myself, and it looks like it's specifically addressed in RFC 3986, § 5.2.4:
The pseudocode also refers to a
remove_dot_segments
routine for interpreting and removing the special.
and..
complete path segments from a referenced path. This is done after the path is extracted from a reference, whether or not the path was relative, in order to remove any invalid or extraneous dot-segments prior to forming the target URI.[…]
Note that dot-segments are intended for use in URI references to express an identifier relative to the hierarchy of names in the base URI. The
remove_dot_segments
algorithm respects that hierarchy by removing extra dot-segments rather than treat them as an error or leaving them to be misinterpreted by dereference implementations.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With