Cannot use subapps with overlapped prefixes #3701
Labels
invalid
This doesn't seem right
Comments
|
This is by design: URL dispatcher handles all routes in the order of adding. Nothing to do here, the issue is not a bug |
|
@asvetlov what about slash ? if We add Why queries like |
|
Ah, I see. That's interesting. |
nikie
added a commit
to nikie/aiohttp
that referenced
this issue
Apr 22, 2019
nikie
added a commit
to nikie/aiohttp
that referenced
this issue
Apr 22, 2019
5 tasks
|
Hi, Eugene. |
|
Fixed by #3708 |
asvetlov
pushed a commit
that referenced
this issue
Aug 30, 2019
asvetlov
pushed a commit
that referenced
this issue
Aug 30, 2019
asvetlov
added a commit
that referenced
this issue
Aug 31, 2019
vadim2404
added a commit
to neondatabase/neon
that referenced
this issue
Jan 31, 2023
Bumps [aiohttp](https://github.com/aio-libs/aiohttp) from 3.7.0 to 3.7.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/releases">aiohttp's releases</a>.</em></p> <blockquote> <h2>aiohttp 3.7.3 release</h2> <h2>Features</h2> <ul> <li>Use Brotli instead of brotlipy <code>[#3803](aio-libs/aiohttp#3803) <https://github.com/aio-libs/aiohttp/issues/3803></code>_</li> <li>Made exceptions pickleable. Also changed the repr of some exceptions. <code>[#4077](aio-libs/aiohttp#4077) <https://github.com/aio-libs/aiohttp/issues/4077></code>_</li> </ul> <h2>Bugfixes</h2> <ul> <li>Raise a ClientResponseError instead of an AssertionError for a blank HTTP Reason Phrase. <code>[#3532](aio-libs/aiohttp#3532) <https://github.com/aio-libs/aiohttp/issues/3532></code>_</li> <li>Fix <code>web_middlewares.normalize_path_middleware</code> behavior for patch without slash. <code>[#3669](aio-libs/aiohttp#3669) <https://github.com/aio-libs/aiohttp/issues/3669></code>_</li> <li>Fix overshadowing of overlapped sub-applications prefixes. <code>[#3701](aio-libs/aiohttp#3701) <https://github.com/aio-libs/aiohttp/issues/3701></code>_</li> <li>Make <code>BaseConnector.close()</code> a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax. <code>[#3736](aio-libs/aiohttp#3736) <https://github.com/aio-libs/aiohttp/issues/3736></code>_</li> <li>Reset the <code>sock_read</code> timeout each time data is received for a <code>aiohttp.client</code> response. <code>[#3808](aio-libs/aiohttp#3808) <https://github.com/aio-libs/aiohttp/issues/3808></code>_</li> <li>Fixed type annotation for add_view method of UrlDispatcher to accept any subclass of View <code>[#3880](aio-libs/aiohttp#3880) <https://github.com/aio-libs/aiohttp/issues/3880></code>_</li> <li>Fixed querying the address families from DNS that the current host supports. <code>[#5156](aio-libs/aiohttp#5156) <https://github.com/aio-libs/aiohttp/issues/5156></code>_</li> <li>Change return type of MultipartReader.<strong>aiter</strong>() and BodyPartReader.<strong>aiter</strong>() to AsyncIterator. <code>[#5163](aio-libs/aiohttp#5163) <https://github.com/aio-libs/aiohttp/issues/5163></code>_</li> <li>Provide x86 Windows wheels. <code>[#5230](aio-libs/aiohttp#5230) <https://github.com/aio-libs/aiohttp/issues/5230></code>_</li> </ul> <h2>Improved Documentation</h2> <ul> <li>Add documentation for <code>aiohttp.web.FileResponse</code>. <code>[#3958](aio-libs/aiohttp#3958) <https://github.com/aio-libs/aiohttp/issues/3958></code>_</li> <li>Removed deprecation warning in tracing example docs <code>[#3964](aio-libs/aiohttp#3964) <https://github.com/aio-libs/aiohttp/issues/3964></code>_</li> <li>Fixed wrong "Usage" docstring of <code>aiohttp.client.request</code>. <code>[#4603](aio-libs/aiohttp#4603) <https://github.com/aio-libs/aiohttp/issues/4603></code>_</li> <li>Add aiohttp-pydantic to third party libraries <code>[#5228](aio-libs/aiohttp#5228) <https://github.com/aio-libs/aiohttp/issues/5228></code>_</li> </ul> <h2>Misc</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst">aiohttp's changelog</a>.</em></p> <blockquote> <h1>3.7.4 (2021-02-25)</h1> <h2>Bugfixes</h2> <ul> <li> <p><strong>(SECURITY BUG)</strong> Started preventing open redirects in the <code>aiohttp.web.normalize_path_middleware</code> middleware. For more details, see <a href="https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg">https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg</a>.</p> <p>Thanks to <code>Beast Glatisant <https://github.com/g147></code>__ for finding the first instance of this issue and <code>Jelmer Vernooij <https://jelmer.uk/></code>__ for reporting and tracking it down in aiohttp. <code>[#5497](aio-libs/aiohttp#5497) <https://github.com/aio-libs/aiohttp/issues/5497></code>_</p> </li> <li> <p>Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a <code>yarl.URL</code> object for HTTP request-target.</p> <p>Before this fix, the Python parser would turn the URI's absolute-path for <code>//some-path</code> into <code>/</code> while the Cython code preserved it as <code>//some-path</code>. Now, both do the latter. <code>[#5498](aio-libs/aiohttp#5498) <https://github.com/aio-libs/aiohttp/issues/5498></code>_</p> </li> </ul> <hr /> <h1>3.7.3 (2020-11-18)</h1> <h2>Features</h2> <ul> <li>Use Brotli instead of brotlipy <code>[#3803](aio-libs/aiohttp#3803) <https://github.com/aio-libs/aiohttp/issues/3803></code>_</li> <li>Made exceptions pickleable. Also changed the repr of some exceptions. <code>[#4077](aio-libs/aiohttp#4077) <https://github.com/aio-libs/aiohttp/issues/4077></code>_</li> </ul> <h2>Bugfixes</h2> <ul> <li>Raise a ClientResponseError instead of an AssertionError for a blank HTTP Reason Phrase. <code>[#3532](aio-libs/aiohttp#3532) <https://github.com/aio-libs/aiohttp/issues/3532></code>_</li> <li>Fix <code>web_middlewares.normalize_path_middleware</code> behavior for patch without slash. <code>[#3669](aio-libs/aiohttp#3669) <https://github.com/aio-libs/aiohttp/issues/3669></code>_</li> <li>Fix overshadowing of overlapped sub-applications prefixes. <code>[#3701](aio-libs/aiohttp#3701) <https://github.com/aio-libs/aiohttp/issues/3701></code>_</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/aio-libs/aiohttp/commit/0a26acc1de9e1b0244456b7881ec16ba8bb64fc3"><code>0a26acc</code></a> Bump aiohttp to v3.7.4 for a security release</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/021c416c18392a111225bc7326063dc4a99a5138"><code>021c416</code></a> Merge branch 'GHSA-v6wp-4m6f-gcjg' into master</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/4ed7c25b537f71c6245bb74d6b20e5867db243ab"><code>4ed7c25</code></a> Bump chardet from 3.0.4 to 4.0.0 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5333">#5333</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/b61f0fdffc887df24244ba7bdfe8567c580240ff"><code>b61f0fd</code></a> Fix how pure-Python HTTP parser interprets <code>//</code></li> <li><a href="https://github.com/aio-libs/aiohttp/commit/5c1efbc32c46820250bd25440bb7ea96cb05abe9"><code>5c1efbc</code></a> Bump pre-commit from 2.9.2 to 2.9.3 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5322">#5322</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/007507580137efcc0a20391a0792f39b337d9c1a"><code>0075075</code></a> Bump pygments from 2.7.2 to 2.7.3 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5318">#5318</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/5085173d947e6cc01b6daf1aa48fe7698834c569"><code>5085173</code></a> Bump multidict from 5.0.2 to 5.1.0 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5308">#5308</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/5d1a75e68d278c641c90021409f4eb5de1810e5e"><code>5d1a75e</code></a> Bump pre-commit from 2.9.0 to 2.9.2 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5290">#5290</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/6724d0e7a944fd7e3a710dc292d785fa8fe424fd"><code>6724d0e</code></a> Bump pre-commit from 2.8.2 to 2.9.0 (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5273">#5273</a>)</li> <li><a href="https://github.com/aio-libs/aiohttp/commit/c688451ce31b914c71b11d2ac6c326b0c87e6d1f"><code>c688451</code></a> Removed duplicate timeout parameter in ClientSession reference docs. (<a href="https://github-redirect.dependabot.com/aio-libs/aiohttp/issues/5262">#5262</a>) ...</li> <li>Additional commits viewable in <a href="https://github.com/aio-libs/aiohttp/compare/v3.7.0...v3.7.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/neondatabase/neon/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Vadim Kharitonov <vadim@neon.tech>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Long story short
If I add to main app one subapp with prefix "/qwe/" and then add another subapp with prefix "/qwerty/" then routing to second subapp does not work. But if I firstly add subapp with prefix "/qwerty/" and then subapp with prefix "/qwe/" then everything works fine. See example.
Steps to reproduce
Your environment
aiohttp 3.5.4
The text was updated successfully, but these errors were encountered: