ap / plack-middleware-rewrite Goto Github PK

If rules code returns arrayref with 3xx status, its location is ignored, usually resulting in infinite redirect.
Example:

use strict;
use warnings;

use Plack::Builder;

builder {
    enable 'Rewrite', rules => sub {
        return [ 302, [ Location => '/foo'], [] ] if /bar/;
    };
    sub {
        my $env = shift;
        return [200, [], [ "Path: $env->{PATH_INFO}" ] ];
    };
};

This app produces an infinite redirect if asked for /bar url.

PS: The reason I'm using it this way instead of substituting $_ and returning 302 is that I call external $app on different rules, and they handle some rewriting themselves.

I got this error running tests:

#   Failed test '... which is XSS-safe'
#   at t/rewrite.t line 77.
#                   '<!DOCTYPE html><title>Moved</title>This resource has moved to <a href="http://localhost/tempted%26badly/">a new address</a>.'
#     doesn't match '(?^:<a href="http://localhost/tempted&amp;badly/">)'
# Looks like you failed 1 test of 29.
t/rewrite.t ..

The difference has to do with whether or not the & is URL-encoded. I don't know exactly what the test is doing, and whether this detail is important. But one fix would be this (line 124 of t/rewrite.t):

like $res->content, qr!<a href="http://localhost/tempted(&amp;|%26)badly/">!, '... which is XSS-safe';

This sounds very cool:

Its primary purpose is rewriting paths, but almost anything is possible very easily.

But:

Just as in request, the PSGI environment is passed as first and only argument.

From now I can not rewrite response code based on response body/headers

It will be cool if you pass whole $res array as second parameter too