Flask route doesn't capture parts containing urlencoded slash

Question

I have defined a Flask route as follows:

@app.route('/upload/from_url/<url:string>')
def upload_from_url(url: str) -> str:
    return {'url': url}

I also tried the route with <url> only. In any case, the route doesn't match if it contains a URL encoded slash. For example, this fails:

https://example.com/upload/from_url/https%3A%2F%2Fgithub.com

Whereas this one works:

https://example.com/upload/from_url/github.com

I am confused why Flask would decode the URL before attempting to match, that seems to defeat the purpose of the encoding.

What's the right way to approach this?

score 1 · Answer 1 · answered Jan 21 '23 at 14:51

1

It seems that this link partially answers your question:

It's said: This is a limitation in WSGI and there is nothing I can do about that. comment

ps: some comments there seem to be helpful or maybe there could be a workaround.

answered Jan 21 '23 at 14:51

shawn

Indeed. Well, this sucks. Unfortunately the workarounds (double or even triple encoding on client side) don't work if you have no control over the client. Well, I guess I'll have to look for a non-WSGI approach. Urgs. Thanks for the pointer! – knipknap Jan 21 '23 at 14:55
Yup, I also disagree about double-encoding, it just combine errors together to get a likely-correct result. It really sucks. – shawn Jan 21 '23 at 14:58

1 Answers1