asgi_send_redirect() only collapsed leading forward slashes, so a path
like /\example.com/ produced a Location of /\example.com. Browsers
normalise backslashes to forward slashes, turning that into the
protocol-relative //example.com and redirecting off-site. Collapse any
run of leading slashes and backslashes to a single slash.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* Issue 2429 indicates the possiblity of an open redirect
The 404 processing ends up redirecting a request with multiple path
slashes to that site, i.e.
https://my-site//shedcode.co.uk will redirect to https://shedcode.co.uk
This commit uses a regular expression to remove the multiple leading
slashes before redirecting.
Closes#1238
- base_url no longer causes custom page routing to fail
- new route_path key in request.scope storing the path that was used for routing with the base_url prefix stripped
- TestClient used by tests now avoids accidentally double processing of the base_url prefix
