-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
should URLPattern be case sensitive or insensitive #28
Comments
FWIW I've always assumed URLs to be case sensitive and it would have been surprising to me for this to be case-insensitive. Depending how patterns are used, this could have security implications (both ways). For instance, a site which allows user profiles under Also, case sensitivity is somewhat tricky in the presence of non-ASCII characters, which would be URL-escaped and a naive case conversion algorithm wouldn't account for. (On the other hand, doing full Unicode case folding is a huge can of worms you definitely do not want to open.) |
What kind of case-insensitive? (Also, this feels a lot like #23 in what a solution might look like.) |
Are there different kinds of case-insensitive? For path-to-regexp it uses the RegExp To be clear, I think hostname always needs to be case-insensitive. So we're really talking about what to do with the rest of the URL components. |
Yeah, there's just ASCII and then there's various kinds of Unicode. And hostname doesn't need to be case-insensitve as the URL parser will normalize it. So if this does the same as the parser you can just compare for equality (which I think is what we want). |
Good to know URL normalizes the hostname. If we do the idea in #27 I think we would have to do the hostname normalization ourselves in that one case. |
Note, I opened a github "discussion" to collect community feedback on this issue. See #39. |
The prototype is case-sensitive and so far I think that is working well. I'm going to mark this decided for now. |
This is now codified in the spec. |
The path-to-regexp library is case insensitive by default with an option
sensitive:true
to override. In contrast, most components of a URL are case sensitive with the hostname being the only case insensitive part.What should URLPattern default to and should it provide an option to override?
We could follow path-to-regexp as our cowpath as to what is popular/expected and make all components case insensitive by default. We would then likely need to provide an option to require case sensitivity since it will matter in some URLs.
I believe @domenic advocates that we by default match URL behavior. We might need to provide an override option to always be case insensitive.
The text was updated successfully, but these errors were encountered: